{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpujan2024.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpujan2024csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - January 2024 - Oracle CSAF", "tracking": { "current_release_date": "2024-01-25T16:00:00-07:00", "id": "CPUJan2024csaf", "initial_release_date": "2024-01-16T13:00:00-07:00", "revision_history": [ { "date": "2024-01-16T13:00:00-07:00", "number": "1", "summary": "Initial Release" }, { "date": "2024-01-25T16:00:00-07:00", "number": "2", "summary": "Rev 2. Updated credit name and Java versions" } ], "status": "draft", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Analytics Desktop Version 6.4.0.0.0", "product": { "name": "Oracle Analytics Desktop Version 6.4.0.0.0", "product_id": "P-12791V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Analytics Desktop Version 7.0.0.0.0", "product": { "name": "Oracle Analytics Desktop Version 7.0.0.0.0", "product_id": "P-12791V-7.0.0.0.0" } }, { "category": "product_version_range", "name": "Oracle Analytics Desktop Version Prior to 7.2", "product": { "name": "Oracle Analytics Desktop Version Prior to 7.2", "product_id": "P-12791V-Prior to 7.2" } } ], "category": "product_name", "name": "Oracle Analytics Desktop" }, { "branches": [ { "category": "product_version", "name": "Oracle BI Publisher Version 12.2.1.4.0", "product": { "name": "Oracle BI Publisher Version 12.2.1.4.0", "product_id": "P-1479V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle BI Publisher Version 6.4.0.0.0", "product": { "name": "Oracle BI Publisher Version 6.4.0.0.0", "product_id": "P-1479V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle BI Publisher Version 7.0.0.0.0", "product": { "name": "Oracle BI Publisher Version 7.0.0.0.0", "product_id": "P-1479V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product_id": "P-2025V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product_id": "P-2025V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product_id": "P-2025V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Audit Vault and Database Firewall Version 20.1-20.9", "product": { "name": "Oracle Audit Vault and Database Firewall Version 20.1-20.9", "product_id": "P-9749V-20.1-20.9" } } ], "category": "product_name", "name": "Oracle Audit Vault and Database Firewall" } ], "category": "product_family", "name": "Oracle Audit Vault and Database Firewall" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Big Data Spatial and Graph Version 3.0.4", "product": { "name": "Oracle Big Data Spatial and Graph Version 3.0.4", "product_id": "P-11528V-3.0.4" } } ], "category": "product_name", "name": "Oracle Big Data Spatial and Graph" } ], "category": "product_family", "name": "Oracle Big Data Spatial and Graph" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.3.2", "product": { "name": "Oracle Commerce Guided Search Version 11.3.2", "product_id": "P-9633V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" }, { "branches": [ { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.2", "product": { "name": "Oracle Commerce Platform Version 11.3.2", "product_id": "P-9348V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Platform" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.3", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.3", "product_id": "P-14488V-23.1.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.2.1", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.2.1", "product_id": "P-14488V-23.2.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.3.0", "product_id": "P-14488V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Automated Test Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.3.0", "product_id": "P-14250V-23.3.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.3.1", "product_id": "P-14250V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 23.3.0", "product_id": "P-14489V-23.3.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 23.4.0", "product": { "name": "Oracle Communications Cloud Native Core Network Data Analytics Function Version 23.4.0", "product_id": "P-14489V-23.4.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Data Analytics Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.3.1", "product_id": "P-14122V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Exposure Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.1.0", "product_id": "P-14125V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product_id": "P-14125V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.3.1", "product_id": "P-14125V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.4", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.4", "product_id": "P-14118V-23.1.4" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function(Install/Upgrade) Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function(Install/Upgrade) Version 23.3.1", "product_id": "P-14118(Install/Upgrade)V-23.3.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.3.1", "product_id": "P-14118V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function(Install/Upgrade) Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function(Install/Upgrade) Version 23.2.0", "product_id": "P-14130(Install/Upgrade)V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.2.0", "product_id": "P-14130V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function(Install/Upgrade) Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function(Install/Upgrade) Version 23.3.1", "product_id": "P-14130(Install/Upgrade)V-23.3.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 23.3.1", "product_id": "P-14130V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product_id": "P-14123V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.2.0", "product_id": "P-14123V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product_id": "P-14123V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository(Signaling) Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository(Signaling) Version 23.3.1", "product_id": "P-14119(Signaling)V-23.3.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.3.1", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.3.1", "product_id": "P-14119V-23.3.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product_id": "P-10899V-8.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product_id": "P-10899V-9.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Diameter Signaling Router" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Element Manager Version 9.0.0.0.0-9.0.2.0.1", "product": { "name": "Oracle Communications Element Manager Version 9.0.0.0.0-9.0.2.0.1", "product_id": "P-11052V-9.0.0.0.0-9.0.2.0.1" } }, { "category": "product_version", "name": "Oracle Communications Element Manager Version 9.4.53", "product": { "name": "Oracle Communications Element Manager Version 9.4.53", "product_id": "P-11052V-9.4.53" } } ], "category": "product_name", "name": "Oracle Communications Element Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Fraud Monitor Version 5.0", "product": { "name": "Oracle Communications Fraud Monitor Version 5.0", "product_id": "P-10763V-5.0" } }, { "category": "product_version", "name": "Oracle Communications Fraud Monitor Version 5.1", "product": { "name": "Oracle Communications Fraud Monitor Version 5.1", "product_id": "P-10763V-5.1" } } ], "category": "product_name", "name": "Oracle Communications Fraud Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(General) Version 23.2.0.0.2", "product": { "name": "Oracle Communications Network Analytics Data Director(General) Version 23.2.0.0.2", "product_id": "P-14547(General)V-23.2.0.0.2" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(Install/Upgrade) Version 23.2.0.0.2", "product": { "name": "Oracle Communications Network Analytics Data Director(Install/Upgrade) Version 23.2.0.0.2", "product_id": "P-14547(Install/Upgrade)V-23.2.0.0.2" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(Third Party) Version 23.2.0.0.2", "product": { "name": "Oracle Communications Network Analytics Data Director(Third Party) Version 23.2.0.0.2", "product_id": "P-14547(Third Party)V-23.2.0.0.2" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 23.2.0.0.2", "product": { "name": "Oracle Communications Network Analytics Data Director Version 23.2.0.0.2", "product_id": "P-14547V-23.2.0.0.2" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(General) Version 23.3.0.0.0", "product": { "name": "Oracle Communications Network Analytics Data Director(General) Version 23.3.0.0.0", "product_id": "P-14547(General)V-23.3.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(Install/Upgrade) Version 23.3.0.0.0", "product": { "name": "Oracle Communications Network Analytics Data Director(Install/Upgrade) Version 23.3.0.0.0", "product_id": "P-14547(Install/Upgrade)V-23.3.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director(Third Party) Version 23.3.0.0.0", "product": { "name": "Oracle Communications Network Analytics Data Director(Third Party) Version 23.3.0.0.0", "product_id": "P-14547(Third Party)V-23.3.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 23.3.0.0.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 23.3.0.0.0", "product_id": "P-14547V-23.3.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Network Analytics Data Director" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Policy Management Version 12.6.1.0.0", "product": { "name": "Oracle Communications Policy Management Version 12.6.1.0.0", "product_id": "P-10900V-12.6.1.0.0" } }, { "category": "product_version", "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product": { "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product_id": "P-10900V-15.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Policy Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Session Report Manager Version 9.0.0.0.0-9.0.2.0.1", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0.0.0-9.0.2.0.1", "product_id": "P-10770V-9.0.0.0.0-9.0.2.0.1" } }, { "category": "product_version", "name": "Oracle Communications Session Report Manager Version 9.4.53", "product": { "name": "Oracle Communications Session Report Manager Version 9.4.53", "product_id": "P-10770V-9.4.53" } } ], "category": "product_name", "name": "Oracle Communications Session Report Manager" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Communications ASAP Version 7.4", "product": { "name": "Oracle Communications ASAP Version 7.4", "product_id": "P-2260V-7.4" } } ], "category": "product_name", "name": "Oracle Communications ASAP" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.7", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.7", "product_id": "P-9742V-12.0.0.4-12.0.0.7" } }, { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product_id": "P-9742V-12.0.0.4-12.0.0.8" } } ], "category": "product_name", "name": "Oracle Communications BRM - Elastic Charging Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-2136V-12.0.0.4.0-12.0.0.8.0" } }, { "category": "product_version", "name": "Oracle Communications Billing and Revenue Management Version 15.0.0.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management Version 15.0.0.0.0", "product_id": "P-2136V-15.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Billing and Revenue Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Convergence Version 3.0.3.2", "product": { "name": "Oracle Communications Convergence Version 3.0.3.2", "product_id": "P-8501V-3.0.3.2" } }, { "category": "product_version", "name": "Oracle Communications Convergence Version 3.0.3.3", "product": { "name": "Oracle Communications Convergence Version 3.0.3.3", "product_id": "P-8501V-3.0.3.3" } } ], "category": "product_name", "name": "Oracle Communications Convergence" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Convergent Charging Controller Version 12.0.1.0.0-12.0.6.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 12.0.1.0.0-12.0.6.0.0", "product_id": "P-12985V-12.0.1.0.0-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0.0", "product_id": "P-12985V-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Convergent Charging Controller Version 15.0.0.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 15.0.0.0.0", "product_id": "P-12985V-15.0.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Convergent Charging Controller Version 6.0.1.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 6.0.1.0.0", "product_id": "P-12985V-6.0.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications Convergent Charging Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications IP Service Activator Version 7.4.0", "product": { "name": "Oracle Communications IP Service Activator Version 7.4.0", "product_id": "P-2261V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications IP Service Activator Version 7.5.0", "product": { "name": "Oracle Communications IP Service Activator Version 7.5.0", "product_id": "P-2261V-7.5.0" } } ], "category": "product_name", "name": "Oracle Communications IP Service Activator" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Instant Messaging Server Version 10.0.1.7.0", "product": { "name": "Oracle Communications Instant Messaging Server Version 10.0.1.7.0", "product_id": "P-8495V-10.0.1.7.0" } } ], "category": "product_name", "name": "Oracle Communications Instant Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Messaging Server Version 8.1.0.24.0", "product": { "name": "Oracle Communications Messaging Server Version 8.1.0.24.0", "product_id": "P-8496V-8.1.0.24.0" } } ], "category": "product_name", "name": "Oracle Communications Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications MetaSolv Solution Version 6.3.1.0.0", "product": { "name": "Oracle Communications MetaSolv Solution Version 6.3.1.0.0", "product_id": "P-2267V-6.3.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications MetaSolv Solution" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Network Charging and Control Version 12.0.1.0.0-12.0.6.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.1.0.0-12.0.6.0.0", "product_id": "P-4623V-12.0.1.0.0-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product_id": "P-4623V-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 15.0.0.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 15.0.0.0.0", "product_id": "P-4623V-15.0.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 6.0.1.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 6.0.1.0.0", "product_id": "P-4623V-6.0.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications Network Charging and Control" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.0", "product_id": "P-2270V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.1", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.1", "product_id": "P-2270V-7.4.1" } } ], "category": "product_name", "name": "Oracle Communications Order and Service Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-9437V-12.0.0.4.0-12.0.0.8.0" } }, { "category": "product_version", "name": "Oracle Communications Pricing Design Center Version 15.0.0.0.0", "product": { "name": "Oracle Communications Pricing Design Center Version 15.0.0.0.0", "product_id": "P-9437V-15.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Pricing Design Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.0.7.0", "product": { "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.0.7.0", "product_id": "P-2283(PSR Designer)V-7.4.0.7.0" } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 7.4.0.7.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 7.4.0.7.0", "product_id": "P-2283V-7.4.0.7.0" } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.1.5.0", "product": { "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.1.5.0", "product_id": "P-2283(PSR Designer)V-7.4.1.5.0" } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 7.4.1.5.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 7.4.1.5.0", "product_id": "P-2283V-7.4.1.5.0" } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.2.8.0", "product": { "name": "Oracle Communications Service Catalog and Design(PSR Designer) Version 7.4.2.8.0", "product_id": "P-2283(PSR Designer)V-7.4.2.8.0" } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 7.4.2.8.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 7.4.2.8.0", "product_id": "P-2283V-7.4.2.8.0" } } ], "category": "product_name", "name": "Oracle Communications Service Catalog and Design" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 5.0.0-5.5.19", "product": { "name": "Oracle Communications Unified Assurance Version 5.0.0-5.5.19", "product_id": "P-14597V-5.0.0-5.5.19" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.19", "product": { "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.19", "product_id": "P-14597V-5.5.0-5.5.19" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.3", "product": { "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.3", "product_id": "P-14597V-6.0.0-6.0.3" } } ], "category": "product_name", "name": "Oracle Communications Unified Assurance" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.0", "product_id": "P-4516V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product_id": "P-4516V-7.4.1" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product_id": "P-4516V-7.4.2" } } ], "category": "product_name", "name": "Oracle Communications Unified Inventory Management" } ], "category": "product_family", "name": "Oracle Communications Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.22", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 19.12.0-19.12.22", "product_id": "P-5579V-19.12.0-19.12.22" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.20", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 20.12.0-20.12.20", "product_id": "P-5579V-20.12.0-20.12.20" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0-21.12.17", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0-21.12.17", "product_id": "P-5579V-21.12.0-21.12.17" } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.10", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0-22.12.10", "product_id": "P-5579V-22.12.0-22.12.10" } } ], "category": "product_name", "name": "Primavera P6 Enterprise Project Portfolio Management" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 19.12.0-19.12.16", "product": { "name": "Primavera Unifier Version 19.12.0-19.12.16", "product_id": "P-10354V-19.12.0-19.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 20.12.0-20.12.16", "product": { "name": "Primavera Unifier Version 20.12.0-20.12.16", "product_id": "P-10354V-20.12.0-20.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.17", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.17", "product_id": "P-10354V-21.12.0-21.12.17" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.11", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.11", "product_id": "P-10354V-22.12.0-22.12.11" } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Autonomous Health Framework Version 22.3-23.8", "product": { "name": "Oracle Autonomous Health Framework Version 22.3-23.8", "product_id": "P-14634V-22.3-23.8" } }, { "category": "product_version", "name": "Oracle Autonomous Health Framework Version 23.10", "product": { "name": "Oracle Autonomous Health Framework Version 23.10", "product_id": "P-14634V-23.10" } }, { "category": "product_version_range", "name": "Oracle Autonomous Health Framework Version 23.9.0-23.9.4", "product": { "name": "Oracle Autonomous Health Framework Version 23.9.0-23.9.4", "product_id": "P-14634V-23.9.0-23.9.4" } } ], "category": "product_name", "name": "Oracle Autonomous Health Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Database Server(Grid Infrastructure) Version 19.3-19.21", "product": { "name": "Oracle Database Server(Grid Infrastructure) Version 19.3-19.21", "product_id": "P-5(Grid Infrastructure)V-19.3-19.21" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.21", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.21", "product_id": "P-5(Java VM)V-19.3-19.21" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 19.3-19.21", "product": { "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 19.3-19.21", "product_id": "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Notification Server) Version 19.3-19.21", "product": { "name": "Oracle Database Server(Oracle Notification Server) Version 19.3-19.21", "product_id": "P-5(Oracle Notification Server)V-19.3-19.21" } }, { "category": "product_version_range", "name": "Oracle Database Server(Grid Infrastructure) Version 21.3-21.12", "product": { "name": "Oracle Database Server(Grid Infrastructure) Version 21.3-21.12", "product_id": "P-5(Grid Infrastructure)V-21.3-21.12" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.12", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.12", "product_id": "P-5(Java VM)V-21.3-21.12" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 21.3-21.12", "product": { "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 21.3-21.12", "product_id": "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.12", "product": { "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.12", "product_id": "P-5(Oracle Database Workload Manager)V-21.3-21.12" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Notification Server) Version 21.3-21.12", "product": { "name": "Oracle Database Server(Oracle Notification Server) Version 21.3-21.12", "product_id": "P-5(Oracle Notification Server)V-21.3-21.12" } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 21.3-21.12", "product": { "name": "Oracle Database Server(SQLcl) Version 21.3-21.12", "product_id": "P-5(SQLcl)V-21.3-21.12" } } ], "category": "product_name", "name": "Oracle Database Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Spatial and Graph Version 19.3-19.21", "product": { "name": "Oracle Spatial and Graph Version 19.3-19.21", "product_id": "P-619V-19.3-19.21" } }, { "category": "product_version_range", "name": "Oracle Spatial and Graph Version 21.3-21.12", "product": { "name": "Oracle Spatial and Graph Version 21.3-21.12", "product_id": "P-619V-21.3-21.12" } }, { "category": "product_version", "name": "Oracle Spatial and Graph Version 23.3", "product": { "name": "Oracle Spatial and Graph Version 23.3", "product_id": "P-619V-23.3" } } ], "category": "product_name", "name": "Oracle Spatial and Graph" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Text Version 19.3-19.21", "product": { "name": "Oracle Text Version 19.3-19.21", "product_id": "P-211V-19.3-19.21" } } ], "category": "product_name", "name": "Oracle Text" }, { "branches": [ { "category": "product_version_range", "name": "SQLcl Version 19.3-19.21", "product": { "name": "SQLcl Version 19.3-19.21", "product_id": "P-13824V-19.3-19.21" } }, { "category": "product_version_range", "name": "SQLcl Version 21.3-21.12", "product": { "name": "SQLcl Version 21.3-21.12", "product_id": "P-13824V-21.3-21.12" } } ], "category": "product_name", "name": "SQLcl" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Application Object Library Version 12.2.3-12.2.13", "product": { "name": "Oracle Application Object Library Version 12.2.3-12.2.13", "product_id": "P-510V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Application Object Library" }, { "branches": [ { "category": "product_version_range", "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.13", "product": { "name": "Oracle CRM Technical Foundation Version 12.2.3-12.2.13", "product_id": "P-1199V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle CRM Technical Foundation" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Common Applications Version 12.2.3-12.2.13", "product": { "name": "Oracle Common Applications Version 12.2.3-12.2.13", "product_id": "P-1198V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Common Applications" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Customer Interaction History Version 12.2.3-12.2.13", "product": { "name": "Oracle Customer Interaction History Version 12.2.3-12.2.13", "product_id": "P-1374V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Customer Interaction History" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Installed Base Version 12.2.3-12.2.13", "product": { "name": "Oracle Installed Base Version 12.2.3-12.2.13", "product_id": "P-1118V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Installed Base" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Knowledge Management Version 12.2.3-12.2.13", "product": { "name": "Oracle Knowledge Management Version 12.2.3-12.2.13", "product_id": "P-1351V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Knowledge Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle One-to-One Fulfillment Version 12.2.3-12.2.13", "product": { "name": "Oracle One-to-One Fulfillment Version 12.2.3-12.2.13", "product_id": "P-1379V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle One-to-One Fulfillment" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.13", "product": { "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.13", "product_id": "P-1171V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle Web Applications Desktop Integrator" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iStore Version 12.2.3-12.2.13", "product": { "name": "Oracle iStore Version 12.2.3-12.2.13", "product_id": "P-384V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle iStore" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iSupport Version 12.2.3-12.2.13", "product": { "name": "Oracle iSupport Version 12.2.3-12.2.13", "product_id": "P-381V-12.2.3-12.2.13" } } ], "category": "product_name", "name": "Oracle iSupport" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1" } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 13.5.0.0", "product_id": "P-1370(Agent Next Gen)V-13.5.0.0" } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Extensibility Framework) Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform(Extensibility Framework) Version 13.5.0.0", "product_id": "P-1370(Extensibility Framework)V-13.5.0.0" } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product_id": "P-1370V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Base Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product": { "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product_id": "P-9835V-12.4.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Ops Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product_id": "P-1369V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Fusion Middleware" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Oracle Database Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Oracle Database Version 13.5.0.0", "product_id": "P-1366V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Oracle Database" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Oracle Virtual Infrastructure Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Oracle Virtual Infrastructure Version 13.5.0.0", "product_id": "P-10665V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Oracle Virtual Infrastructure" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Virtualization Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Virtualization Version 13.5.0.0", "product_id": "P-9586V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Virtualization" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.5.3.0.0", "product": { "name": "Oracle Essbase Version 21.5.3.0.0", "product_id": "P-4379V-21.5.3.0.0" } } ], "category": "product_name", "name": "Oracle Essbase" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Banking APIs Version 19.1.0", "product": { "name": "Oracle Banking APIs Version 19.1.0", "product_id": "P-13676V-19.1.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 21.1.0", "product": { "name": "Oracle Banking APIs Version 21.1.0", "product_id": "P-13676V-21.1.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.1.0", "product": { "name": "Oracle Banking APIs Version 22.1.0", "product_id": "P-13676V-22.1.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.2.0", "product": { "name": "Oracle Banking APIs Version 22.2.0", "product_id": "P-13676V-22.2.0" } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Branch Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Branch Version 14.5.0-14.7.0", "product_id": "P-14324V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Branch" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Cash Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Cash Management Version 14.5.0-14.7.0", "product_id": "P-14195V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Cash Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Collections and Recovery Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Collections and Recovery Version 14.5.0-14.7.0", "product_id": "P-14742V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Collections and Recovery" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0-14.7.0", "product_id": "P-13701V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Credit Facilities Process Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Credit Facilities Process Management Version 14.5.0-14.7.0", "product_id": "P-13703V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Credit Facilities Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.1.0", "product": { "name": "Oracle Banking Digital Experience Version 19.1.0", "product_id": "P-12605V-19.1.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 21.1.0", "product": { "name": "Oracle Banking Digital Experience Version 21.1.0", "product_id": "P-12605V-21.1.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.1.0", "product": { "name": "Oracle Banking Digital Experience Version 22.1.0", "product_id": "P-12605V-22.1.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.2.0", "product": { "name": "Oracle Banking Digital Experience Version 22.2.0", "product_id": "P-12605V-22.2.0" } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Electronic Data Exchange for Corporates Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Electronic Data Exchange for Corporates Version 14.5.0-14.7.0", "product_id": "P-14393V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Electronic Data Exchange for Corporates" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Enterprise Default Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Enterprise Default Management Version 14.5.0-14.7.0", "product_id": "P-13390V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Enterprise Default Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Extensibility Workbench Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Extensibility Workbench Version 14.5.0-14.7.0", "product_id": "P-14124V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Extensibility Workbench" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Liquidity Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.5.0-14.7.0", "product_id": "P-13304V-14.5.0-14.7.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.0.3.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.0.3.0", "product_id": "P-13304V-14.7.0.3.0" } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Origination Version 14.5.0-14.7.0", "product_id": "P-14325V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Party Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Party Management Version 14.5.0-14.7.0", "product_id": "P-13929V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Party Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Supply Chain Finance Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Supply Chain Finance Version 14.5.0-14.7.0", "product_id": "P-13872V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Supply Chain Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Process Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.5.0-14.7.0", "product_id": "P-13718V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Trade Finance Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management Version 14.5.0-14.7.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.5.0-14.7.0", "product_id": "P-13487V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Virtual Account Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5.0-14.7.0", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5.0-14.7.0", "product_id": "P-9100V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle FLEXCUBE Investor Servicing Version 14.5.0-14.7.0", "product": { "name": "Oracle FLEXCUBE Investor Servicing Version 14.5.0-14.7.0", "product_id": "P-9099V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Investor Servicing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle FLEXCUBE Private Banking Version 14.5.0-14.7.0", "product": { "name": "Oracle FLEXCUBE Private Banking Version 14.5.0-14.7.0", "product_id": "P-9110V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Private Banking" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7", "product_id": "P-5680V-8.0.7" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8", "product_id": "P-5680V-8.0.8" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.9", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.9", "product_id": "P-5680V-8.0.9" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.0", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.0", "product_id": "P-5680V-8.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1", "product_id": "P-5680V-8.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2", "product_id": "P-5680V-8.1.2" } } ], "category": "product_name", "name": "Oracle Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product_id": "P-9190V-8.0.8.1" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.1.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.1.1", "product_id": "P-9190V-8.1.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.5", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.5", "product_id": "P-9190V-8.1.2.5" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.6", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.6", "product_id": "P-9190V-8.1.2.6" } } ], "category": "product_name", "name": "Oracle Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Compliance Studio Version 8.1.2.5", "product": { "name": "Oracle Financial Services Compliance Studio Version 8.1.2.5", "product_id": "P-14392V-8.1.2.5" } } ], "category": "product_name", "name": "Oracle Financial Services Compliance Studio" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product_id": "P-13545V-8.0.8.2" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.1.1", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.1.1", "product_id": "P-13545V-8.1.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.5", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.5", "product_id": "P-13545V-8.1.2.5" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.6", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.6", "product_id": "P-13545V-8.1.2.6" } } ], "category": "product_name", "name": "Oracle Financial Services Enterprise Case Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Financial Services Lending and Leasing Version 14.5.0-14.7.0", "product": { "name": "Oracle Financial Services Lending and Leasing Version 14.5.0-14.7.0", "product_id": "P-10484V-14.5.0-14.7.0" } } ], "category": "product_name", "name": "Oracle Financial Services Lending and Leasing" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.7.1", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.7.1", "product_id": "P-5322V-2.7.1" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.8.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.8.0", "product_id": "P-5322V-2.8.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing(Pricing Services) Version 2.9.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing(Pricing Services) Version 2.9.0", "product_id": "P-5322(Pricing Services)V-2.9.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.0", "product_id": "P-5322V-2.9.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.1", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 2.9.1", "product_id": "P-5322V-2.9.1" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0", "product_id": "P-5322V-3.0.0" } }, { "category": "product_version_range", "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0-3.2.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.0.0-3.2.0", "product_id": "P-5322V-3.0.0-3.2.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.1.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.1.0", "product_id": "P-5322V-3.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 3.2.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 3.2.0", "product_id": "P-5322V-3.2.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 4.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 4.0.0", "product_id": "P-5322V-4.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 5.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 5.0.0", "product_id": "P-5322V-5.0.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing(Security) Version 5.1.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing(Security) Version 5.1.0", "product_id": "P-5322(Security)V-5.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 5.1.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 5.1.0", "product_id": "P-5322V-5.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Revenue Management and Billing Version 6.0.0", "product": { "name": "Oracle Financial Services Revenue Management and Billing Version 6.0.0", "product_id": "P-5322V-6.0.0" } } ], "category": "product_name", "name": "Oracle Financial Services Revenue Management and Billing" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product": { "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product_id": "P-13789V-8.0.8" } } ], "category": "product_name", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 12.2.1.4.0", "product": { "name": "Oracle Access Manager Version 12.2.1.4.0", "product_id": "P-5565V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product": { "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product_id": "P-5325V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Business Process Management Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Coherence(Third Party) Version 12.2.1.4.0", "product": { "name": "Oracle Coherence(Third Party) Version 12.2.1.4.0", "product_id": "P-2545(Third Party)V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Coherence Version 12.2.1.4.0", "product": { "name": "Oracle Coherence Version 12.2.1.4.0", "product_id": "P-2545V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Coherence(Third Party) Version 14.1.1.0.0", "product": { "name": "Oracle Coherence(Third Party) Version 14.1.1.0.0", "product_id": "P-2545(Third Party)V-14.1.1.0.0" } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.1.0.0", "product": { "name": "Oracle Coherence Version 14.1.1.0.0", "product_id": "P-2545V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product": { "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product_id": "P-9464V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Enterprise Data Quality" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware Version 12.2.1.4.0", "product_id": "P-1032V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Fusion Middleware" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server Version 12.2.1.4.0", "product_id": "P-1042V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Version 12.2.1.4.0", "product_id": "P-1980V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Identity Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle JDeveloper Version 12.2.1.4.0", "product": { "name": "Oracle JDeveloper Version 12.2.1.4.0", "product_id": "P-807V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle JDeveloper" }, { "branches": [ { "category": "product_version", "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product": { "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product_id": "P-10198V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Managed File Transfer" }, { "branches": [ { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product_id": "P-4647V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Middleware Common Libraries and Tools" }, { "branches": [ { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.6", "product": { "name": "Oracle Outside In Technology Version 8.5.6", "product_id": "P-2276V-8.5.6" } } ], "category": "product_name", "name": "Oracle Outside In Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Service Bus Version 12.2.1.4.0", "product": { "name": "Oracle Service Bus Version 12.2.1.4.0", "product_id": "P-5308V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Service Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product_id": "P-2271V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Content" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product_id": "P-1696V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Portal" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product_id": "P-9617V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Sites" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle WebLogic Server" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.40", "product": { "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.40", "product_id": "P-12753V-Prior to 12.2.0.1.40" } } ], "category": "product_name", "name": "Oracle Global Lifecycle Management OPatch" } ], "category": "product_family", "name": "Oracle Global Lifecycle Management" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "GoldenGate Big Data and Application Adapters Version 19.1.0.0.0-19.1.0.0.16", "product": { "name": "GoldenGate Big Data and Application Adapters Version 19.1.0.0.0-19.1.0.0.16", "product_id": "P-5760V-19.1.0.0.0-19.1.0.0.16" } }, { "category": "product_version_range", "name": "GoldenGate Big Data and Application Adapters Version 21.3-21.12", "product": { "name": "GoldenGate Big Data and Application Adapters Version 21.3-21.12", "product_id": "P-5760V-21.3-21.12" } } ], "category": "product_name", "name": "GoldenGate Big Data and Application Adapters" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Version 19.1.0.0.0-19.1.0.0.231017", "product": { "name": "Oracle GoldenGate Version 19.1.0.0.0-19.1.0.0.231017", "product_id": "P-5757V-19.1.0.0.0-19.1.0.0.231017" } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 21.3-21.12", "product": { "name": "Oracle GoldenGate Version 21.3-21.12", "product_id": "P-5757V-21.3-21.12" } } ], "category": "product_name", "name": "Oracle GoldenGate" }, { "branches": [ { "category": "product_version", "name": "Oracle GoldenGate Studio Version 12.2.0.4.0", "product": { "name": "Oracle GoldenGate Studio Version 12.2.0.4.0", "product_id": "P-10945V-12.2.0.4.0" } } ], "category": "product_name", "name": "Oracle GoldenGate Studio" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Graph Server and Client Version Prior to 22.4.6", "product": { "name": "Graph Server and Client Version Prior to 22.4.6", "product_id": "P-14069V-Prior to 22.4.6" } }, { "category": "product_version_range", "name": "Graph Server and Client Version Prior to 23.4.0", "product": { "name": "Graph Server and Client Version Prior to 23.4.0", "product_id": "P-14069V-Prior to 23.4.0" } } ], "category": "product_name", "name": "Graph Server and Client" } ], "category": "product_family", "name": "Oracle Graph Server and Client" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Calculation Manager Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Calculation Manager Version 11.2.14.0.000", "product_id": "P-5685V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Calculation Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Financial Data Quality Management, Enterprise Edition Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Financial Data Quality Management, Enterprise Edition Version 11.2.14.0.000", "product_id": "P-10664V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Financial Data Quality Management, Enterprise Edition" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Financial Management Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Financial Management Version 11.2.14.0.000", "product_id": "P-4390V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Financial Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Financial Reporting Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Financial Reporting Version 11.2.14.0.000", "product_id": "P-8776V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Financial Reporting" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Infrastructure Technology Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Infrastructure Technology Version 11.2.14.0.000", "product_id": "P-4392V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Infrastructure Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Planning Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Planning Version 11.2.14.0.000", "product_id": "P-4402V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Planning" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.8.0", "product": { "name": "JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.8.0", "product_id": "P-11681V-Prior to 9.2.8.0" } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Orchestrator" }, { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.8.0", "product": { "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.8.0", "product_id": "P-4781V-Prior to 9.2.8.0" } }, { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.8.1", "product": { "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.8.1", "product_id": "P-4781V-Prior to 9.2.8.1" } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Tools" } ], "category": "product_family", "name": "Oracle JD Edwards" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.12", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.12", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.8", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.8", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.4", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.4", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.9", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.9", "product_id": "P-13497V-Oracle GraalVM for JDK:17.0.9" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21.0.1", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21.0.1", "product_id": "P-13497V-Oracle GraalVM for JDK:21.0.1" } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.12", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.12", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:20.3.12" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.8", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.8", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.4", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.4", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:22.3.4" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.9", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.9", "product_id": "P-856V-Oracle GraalVM for JDK:17.0.9" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:21.0.1", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:21.0.1", "product_id": "P-856V-Oracle GraalVM for JDK:21.0.1" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:11.0.21", "product": { "name": "Oracle Java SE Version Oracle Java SE:11.0.21", "product_id": "P-856V-Oracle Java SE:11.0.21" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:17.0.9", "product": { "name": "Oracle Java SE Version Oracle Java SE:17.0.9", "product_id": "P-856V-Oracle Java SE:17.0.9" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:21.0.1", "product": { "name": "Oracle Java SE Version Oracle Java SE:21.0.1", "product_id": "P-856V-Oracle Java SE:21.0.1" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:8u391", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u391", "product_id": "P-856V-Oracle Java SE:8u391" } }, { "category": "product_version_range", "name": "Oracle Java SE Version Oracle Java SE:8u391-perf", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u391-perf", "product_id": "P-856V-Oracle Java SE:8u391-perf" } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 7.5.32 and prior", "product": { "name": "MySQL Cluster Version 7.5.32 and prior", "product_id": "P-8479V-7.5.32 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 7.6.28 and prior", "product": { "name": "MySQL Cluster Version 7.6.28 and prior", "product_id": "P-8479V-7.6.28 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.34 and prior", "product": { "name": "MySQL Cluster Version 8.0.34 and prior", "product_id": "P-8479V-8.0.34 and prior" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.35 and prior", "product": { "name": "MySQL Cluster Version 8.0.35 and prior", "product_id": "P-8479V-8.0.35 and prior" } }, { "category": "product_version", "name": "MySQL Cluster Version 8.1.0", "product": { "name": "MySQL Cluster Version 8.1.0", "product_id": "P-8479V-8.1.0" } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.2.0 and prior", "product": { "name": "MySQL Cluster Version 8.2.0 and prior", "product_id": "P-8479V-8.2.0 and prior" } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 8.0.35 and prior", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 8.0.35 and prior", "product_id": "P-8576(Connector/ODBC)V-8.0.35 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/C++) Version 8.2.0 and prior", "product": { "name": "MySQL Connectors(Connector/C++) Version 8.2.0 and prior", "product_id": "P-8576(Connector/C++)V-8.2.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 8.2.0 and prior", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 8.2.0 and prior", "product_id": "P-8576(Connector/ODBC)V-8.2.0 and prior" } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Monitor Version 8.0.36 and prior", "product": { "name": "MySQL Enterprise Monitor Version 8.0.36 and prior", "product_id": "P-8480V-8.0.36 and prior" } } ], "category": "product_name", "name": "MySQL Enterprise Monitor" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server Version 8.0.34 and prior", "product": { "name": "MySQL Server Version 8.0.34 and prior", "product_id": "P-8478V-8.0.34 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.35 and prior", "product": { "name": "MySQL Server Version 8.0.35 and prior", "product_id": "P-8478V-8.0.35 and prior" } }, { "category": "product_version", "name": "MySQL Server Version 8.1.0", "product": { "name": "MySQL Server Version 8.1.0", "product_id": "P-8478V-8.1.0" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.2.0 and prior", "product": { "name": "MySQL Server Version 8.2.0 and prior", "product_id": "P-8478V-8.2.0 and prior" } } ], "category": "product_name", "name": "MySQL Server" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Workbench Version 8.0.34 and prior", "product": { "name": "MySQL Workbench Version 8.0.34 and prior", "product_id": "P-4627V-8.0.34 and prior" } } ], "category": "product_name", "name": "MySQL Workbench" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 1.6", "product": { "name": "Oracle NoSQL Database Version Prior to 1.6", "product_id": "P-13373V-Prior to 1.6" } }, { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 19.5.40", "product": { "name": "Oracle NoSQL Database Version Prior to 19.5.40", "product_id": "P-13373V-Prior to 19.5.40" } }, { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 20.3.38", "product": { "name": "Oracle NoSQL Database Version Prior to 20.3.38", "product_id": "P-13373V-Prior to 20.3.38" } }, { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 21.2.30", "product": { "name": "Oracle NoSQL Database Version Prior to 21.2.30", "product_id": "P-13373V-Prior to 21.2.30" } }, { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 22.3.94", "product": { "name": "Oracle NoSQL Database Version Prior to 22.3.94", "product_id": "P-13373V-Prior to 22.3.94" } }, { "category": "product_version_range", "name": "Oracle NoSQL Database Version Prior to 23.1.29", "product": { "name": "Oracle NoSQL Database Version Prior to 23.1.29", "product_id": "P-13373V-Prior to 23.1.29" } } ], "category": "product_name", "name": "Oracle NoSQL Database" } ], "category": "product_family", "name": "Oracle NoSQL Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product_id": "P-5085V-8.59" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product_id": "P-5085V-8.60" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.61", "product_id": "P-5085V-8.61" } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle REST Data Services Version Prior to 23.3.0", "product": { "name": "Oracle REST Data Services Version Prior to 23.3.0", "product_id": "P-9456V-Prior to 23.3.0" } } ], "category": "product_name", "name": "Oracle REST Data Services" } ], "category": "product_family", "name": "Oracle REST Data Services" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Advanced Inventory Planning Version 15.0.3", "product": { "name": "Oracle Retail Advanced Inventory Planning Version 15.0.3", "product_id": "P-1785V-15.0.3" } }, { "category": "product_version", "name": "Oracle Retail Advanced Inventory Planning Version 16.0.3", "product": { "name": "Oracle Retail Advanced Inventory Planning Version 16.0.3", "product_id": "P-1785V-16.0.3" } } ], "category": "product_name", "name": "Oracle Retail Advanced Inventory Planning" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Customer Management and Segmentation Foundation Version 18.0.0.14", "product": { "name": "Oracle Retail Customer Management and Segmentation Foundation Version 18.0.0.14", "product_id": "P-13388V-18.0.0.14" } }, { "category": "product_version", "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.8", "product": { "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.8", "product_id": "P-13388V-19.0.0.8" } } ], "category": "product_name", "name": "Oracle Retail Customer Management and Segmentation Foundation" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail EFTLink Version 20.0.1", "product": { "name": "Oracle Retail EFTLink Version 20.0.1", "product_id": "P-11516V-20.0.1" } }, { "category": "product_version_range", "name": "Oracle Retail EFTLink Version 21.0.0-23.0.0", "product": { "name": "Oracle Retail EFTLink Version 21.0.0-23.0.0", "product_id": "P-11516V-21.0.0-23.0.0" } } ], "category": "product_name", "name": "Oracle Retail EFTLink" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle SQL Developer Version 21.4.2", "product": { "name": "Oracle SQL Developer Version 21.4.2", "product_id": "P-5547V-21.4.2" } }, { "category": "product_version", "name": "Oracle SQL Developer Version 22.2.0", "product": { "name": "Oracle SQL Developer Version 22.2.0", "product_id": "P-5547V-22.2.0" } }, { "category": "product_version", "name": "Oracle SQL Developer Version 23.1.0", "product": { "name": "Oracle SQL Developer Version 23.1.0", "product_id": "P-5547V-23.1.0" } } ], "category": "product_name", "name": "Oracle SQL Developer" } ], "category": "product_family", "name": "Oracle SQL Developer" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Secure Backup Version Prior to 18.1.0.2.0", "product": { "name": "Oracle Secure Backup Version Prior to 18.1.0.2.0", "product_id": "P-1522V-Prior to 18.1.0.2.0" } } ], "category": "product_name", "name": "Oracle Secure Backup" } ], "category": "product_family", "name": "Oracle Secure Backup" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Version Prior to 23.12", "product": { "name": "Siebel CRM Version Prior to 23.12", "product_id": "P-9011V-Prior to 23.12" } }, { "category": "product_version_range", "name": "Siebel CRM Version Prior to 23.8", "product": { "name": "Siebel CRM Version Prior to 23.8", "product_id": "P-9008V-Prior to 23.8" } } ], "category": "product_name", "name": "Siebel CRM" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Agile PLM Version 9.3.6", "product": { "name": "Oracle Agile PLM Version 9.3.6", "product_id": "P-4461V-9.3.6" } } ], "category": "product_name", "name": "Oracle Agile PLM" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Agile Product Lifecycle Management for Process Version Prior to 6.2.4.2", "product": { "name": "Oracle Agile Product Lifecycle Management for Process Version Prior to 6.2.4.2", "product_id": "P-4445V-Prior to 6.2.4.2" } } ], "category": "product_name", "name": "Oracle Agile Product Lifecycle Management for Process" }, { "branches": [ { "category": "product_version", "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 11.5", "product": { "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 11.5", "product_id": "P-1184V-11.5" } }, { "category": "product_version", "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.1", "product": { "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.1", "product_id": "P-1184V-12.1" } }, { "category": "product_version", "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.2", "product": { "name": "Oracle Complex Maintenance, Repair, and Overhaul Version 12.2", "product_id": "P-1184V-12.2" } } ], "category": "product_name", "name": "Oracle Complex Maintenance, Repair, and Overhaul" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version Prior to XCP2420", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version Prior to XCP2420", "product_id": "P-10656V-Prior to XCP2420" } }, { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version Prior to XCP2430", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version Prior to XCP2430", "product_id": "P-10656V-Prior to XCP2430" } }, { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP3120", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP3120", "product_id": "P-10656V-prior to XCP3120" } }, { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP3130", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP3130", "product_id": "P-10656V-prior to XCP3130" } }, { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP4030", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP4030", "product_id": "P-10656V-prior to XCP4030" } }, { "category": "product_version_range", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP4040", "product": { "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers Version prior to XCP4040", "product_id": "P-10656V-prior to XCP4040" } } ], "category": "product_name", "name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers" }, { "branches": [ { "category": "product_version", "name": "Integrated Lights Out Manager (ILOM) Version 3", "product": { "name": "Integrated Lights Out Manager (ILOM) Version 3", "product_id": "P-9849V-3" } }, { "category": "product_version", "name": "Integrated Lights Out Manager (ILOM) Version 4", "product": { "name": "Integrated Lights Out Manager (ILOM) Version 4", "product_id": "P-9849V-4" } }, { "category": "product_version", "name": "Integrated Lights Out Manager (ILOM) Version 5", "product": { "name": "Integrated Lights Out Manager (ILOM) Version 5", "product_id": "P-9849V-5" } } ], "category": "product_name", "name": "Integrated Lights Out Manager (ILOM)" }, { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 11", "product": { "name": "Oracle Solaris Version 11", "product_id": "P-10006V-11" } } ], "category": "product_name", "name": "Oracle Solaris" }, { "branches": [ { "category": "product_version", "name": "Oracle ZFS Storage Appliance Kit Version 8.8", "product": { "name": "Oracle ZFS Storage Appliance Kit Version 8.8", "product_id": "P-10026V-8.8" } } ], "category": "product_name", "name": "Oracle ZFS Storage Appliance Kit" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "TimesTen In-Memory Database Version Prior to 21.1.1.19.0", "product": { "name": "TimesTen In-Memory Database Version Prior to 21.1.1.19.0", "product_id": "P-1870V-Prior to 21.1.1.19.0" } }, { "category": "product_version_range", "name": "TimesTen In-Memory Database Version Prior to 22.1.1.19.0", "product": { "name": "TimesTen In-Memory Database Version Prior to 22.1.1.19.0", "product_id": "P-1870V-Prior to 22.1.1.19.0" } } ], "category": "product_name", "name": "TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product_id": "P-2241V-2.3.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product_id": "P-2241V-2.4.0.1" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product_id": "P-2241V-2.5.0.1" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product_id": "P-2241V-2.5.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product_id": "P-2241V-2.6.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.1", "product_id": "P-2241V-2.6.0.1" } } ], "category": "product_name", "name": "Oracle Utilities Network Management System" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Utilties Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product": { "name": "Oracle Utilties Application Framework Version 4.3.0.3.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.3.0-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.3.0.6.0", "product": { "name": "Oracle Utilties Application Framework Version 4.3.0.6.0", "product_id": "P-2245V-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.4.0.0.0", "product": { "name": "Oracle Utilties Application Framework Version 4.4.0.0.0", "product_id": "P-2245V-4.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.4.0.2.0", "product": { "name": "Oracle Utilties Application Framework Version 4.4.0.2.0", "product_id": "P-2245V-4.4.0.2.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.4.0.3.0", "product": { "name": "Oracle Utilties Application Framework Version 4.4.0.3.0", "product_id": "P-2245V-4.4.0.3.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.5.0.0.0", "product": { "name": "Oracle Utilties Application Framework Version 4.5.0.0.0", "product_id": "P-2245V-4.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.5.0.1.1", "product": { "name": "Oracle Utilties Application Framework Version 4.5.0.1.1", "product_id": "P-2245V-4.5.0.1.1" } }, { "category": "product_version", "name": "Oracle Utilties Application Framework Version 4.5.0.1.3", "product": { "name": "Oracle Utilties Application Framework Version 4.5.0.1.3", "product_id": "P-2245V-4.5.0.1.3" } } ], "category": "product_name", "name": "Oracle Utilties Application Framework" } ], "category": "product_family", "name": "Oracle Utilities Applications" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-10086", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Planning", "text": "32054802" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Calculation Manager", "text": "32054799" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35762791" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Calculation Manager product of Oracle Hyperion (component: Security (Apache Commons BeanUtils)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Calculation Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Calculation Manager accessible data as well as unauthorized read access to a subset of Oracle Hyperion Calculation Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Calculation Manager. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Security (Apache Commons BeanUtils)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Planning accessible data as well as unauthorized read access to a subset of Oracle Hyperion Planning accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Planning. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4402V-11.2.14.0.000", "P-5685V-11.2.14.0.000" ], "known_not_affected": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4402V-11.2.14.0.000", "P-5685V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-4402V-11.2.14.0.000", "P-5685V-11.2.14.0.000" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] } ] }, { "cve": "CVE-2020-15250", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35872496" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (Jakarta Expression Language)). The supported version that is affected is 14.7.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Liquidity Management executes to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.7.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.7.0.3.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13304V-14.7.0.3.0" ] } ] }, { "cve": "CVE-2020-26870", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "36044922" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (DOMPurify)). Supported versions that are affected are 18.0.0.14 and 19.0.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ] } ] }, { "cve": "CVE-2020-29508", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-35163", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-35164", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-35166", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-35167", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-35168", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34732254" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Dell BSAFE Micro Edition Suite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2020-5410", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34219432" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Cloud Config)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13304V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2020-5421", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "35842019" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1980V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N", "version": "3.1" }, "products": [ "P-1980V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-7760", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilties Application Framework", "text": "32219349" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilties Application Framework product of Oracle Utilities Applications (component: User Interface (CodeMirror)). Supported versions that are affected are 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 and 4.4.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilties Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilties Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2021-0341", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "35798089" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (OkHttp)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-29425", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilties Application Framework", "text": "33287901" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Planning", "text": "33287557" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Security (Apache Commons IO)). The supported version that is affected is 11.2.14.0.000. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Planning accessible data as well as unauthorized read access to a subset of Oracle Hyperion Planning accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilties Application Framework product of Oracle Utilities Applications (component: General (Apache Commons IO)). Supported versions that are affected are 4.3.0.3.0-4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilties Application Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilties Application Framework accessible data as well as unauthorized read access to a subset of Oracle Utilties Application Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-4402V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4402V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4402V-11.2.14.0.000", "P-2245V-4.3.0.3.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0" ] } ] }, { "cve": "CVE-2021-33813", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35520759" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35982245" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Solr)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Solr)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-1696V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-1696V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-35515", "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "35753198" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-35516", "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "35753198" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-35517", "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "35753198" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-36090", "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "35753198" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: Oracle JDeveloper (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle JDeveloper. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-37533", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35346867" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35346717" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35346761" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Order and Service Management (Apache Commons Net)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Oracle GoldenGate Studio (Apache Commons Net)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons Net)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "known_not_affected": [ "P-10945V-12.2.0.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.0.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.0.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.0.4.0" ] } ] }, { "cve": "CVE-2021-4104", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35802293" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Apache Log4j)). Supported versions that are affected are 7.4.0 and 7.4.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992395.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ] } ] }, { "cve": "CVE-2021-41182", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "36008705" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35614982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Pricing Services (jQueryUI)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jQuery)). Supported versions that are affected are 18.0.0.14 and 19.0.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-2.9.0", "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-2.9.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5322V-2.9.0", "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ] } ] }, { "cve": "CVE-2021-41183", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35614982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Pricing Services (jQueryUI)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-2.9.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-2.9.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5322V-2.9.0" ] } ] }, { "cve": "CVE-2021-41184", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35614982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Pricing Services (jQueryUI)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-2.9.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-2.9.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5322V-2.9.0" ] } ] }, { "cve": "CVE-2021-42392", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35285070" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (H2 Database)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-42575", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Planning", "text": "35412023" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Hub (Java HTML Sanitizer)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Planning. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4402V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4402V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4402V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2021-43306", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "35820963" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care (jQuery)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992408.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ] } ] }, { "cve": "CVE-2021-43527", "ids": [ { "system_name": "Oracle Bug ID of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers", "text": "36122768" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (NSS)). Supported versions that are affected are Prior to XCP2430, prior to XCP3130 and prior to XCP4040. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ] } ] }, { "cve": "CVE-2021-46848", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35455505" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Libtasn1)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1" ] } ] }, { "cve": "CVE-2022-1471", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35156437" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (SnakeYAML)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.2.8.0" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ], "organization": "Saudi Aramco" } ], "cve": "CVE-2022-21432", "ids": [ { "system_name": "Oracle Bug ID of Oracle Text", "text": "34448302" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 19.3-19.21. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-211V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-211V-19.3-19.21" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-211V-19.3-19.21" ] } ] }, { "cve": "CVE-2022-22950", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9617V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "34544221" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Thick Client (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9617V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9617V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9617V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-22969", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34162267" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Security Oauth)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13304V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-22979", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34429908" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "34429907" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34429906" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34429904" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "34429903" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34429911" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34429910" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "34429898" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34429909" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Electronic Data Exchange for Corporates. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Cloud Function)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0", "P-13718V-14.5.0-14.7.0", "P-14325V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0", "P-13718V-14.5.0-14.7.0", "P-14325V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0", "P-13718V-14.5.0-14.7.0", "P-14325V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-23221", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35285070" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (H2 Database)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-24839", "ids": [ { "system_name": "Oracle Bug ID of Oracle Analytics Desktop", "text": "34696689" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Analytics Desktop product of Oracle Analytics (component: Visual Analyzer Integration (NekoHTML)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-12791V-Prior to 7.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12791V-Prior to 7.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12791V-Prior to 7.2" ] } ] }, { "cve": "CVE-2022-25147", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "35723905" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35723903" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Portable Runtime Utility)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Behavior Detection Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Portable Runtime Utility)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9190V-8.1.2.5", "P-13789V-8.0.8", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992488.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992489.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-9190V-8.1.2.5", "P-13789V-8.0.8", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ] } ] }, { "cve": "CVE-2022-25647", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35895503" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Google Gson)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-29155", "ids": [ { "system_name": "Oracle Bug ID of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers", "text": "36149248" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (OpenLDAP)). Supported versions that are affected are Prior to XCP2420, prior to XCP3120 and prior to XCP4030. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10656V-Prior to XCP2420", "P-10656V-prior to XCP3120", "P-10656V-prior to XCP4030" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10656V-Prior to XCP2420", "P-10656V-prior to XCP3120", "P-10656V-prior to XCP4030" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10656V-Prior to XCP2420", "P-10656V-prior to XCP3120", "P-10656V-prior to XCP4030" ] } ] }, { "cve": "CVE-2022-31147", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "35820963" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care (jQuery)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992408.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ] } ] }, { "cve": "CVE-2022-31160", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "35818607" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35870756" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35614982" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "36048003" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (jQueryUI)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care (jQueryUI)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data as well as unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Pricing Services (jQueryUI)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security (jQueryUI)). The supported version that is affected is 5.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-5322(Pricing Services)V-2.9.0", "P-2025V-12.2.1.4.0", "P-2136V-15.0.0.0.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0", "P-5322(Security)V-5.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992408.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322(Pricing Services)V-2.9.0", "P-5322(Security)V-5.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-5322(Pricing Services)V-2.9.0", "P-2025V-12.2.1.4.0", "P-2136V-15.0.0.0.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0", "P-5322(Security)V-5.1.0" ] } ] }, { "cve": "CVE-2022-31690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34780002" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13487V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-31692", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34780002" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13487V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-33879", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35280042" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (Apache Tika)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Commerce Guided Search executes to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993583.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2022-34169", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Enterprise Case Management", "text": "36159187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Web UI (Oracle Java SE)). Supported versions that are affected are 8.0.8.2, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Enterprise Case Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13545V-8.1.1.1", "P-13545V-8.1.2.6", "P-13545V-8.1.2.5", "P-13545V-8.0.8.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13545V-8.1.2.6", "P-13545V-8.1.2.5", "P-13545V-8.0.8.2", "P-13545V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992664.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-13545V-8.1.2.6", "P-13545V-8.1.2.5", "P-13545V-8.0.8.2", "P-13545V-8.1.1.1" ] } ] }, { "cve": "CVE-2022-3479", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35033524" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (NSS)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2022-3510", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35981768" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, BI Search (Google Protobuf-Java)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-3602", "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "34761430" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4379V-21.5.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4379V-21.5.3.0.0" ] } ] }, { "cve": "CVE-2022-36033", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "34897683" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "34897686" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "34897680" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34897692" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Lending and Leasing", "text": "34897703" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Enterprise Limits and Collateral Management", "text": "34897688" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Branch, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Branch accessible data as well as unauthorized read access to a subset of Oracle Banking Branch accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Lending and Leasing product of Oracle Financial Services Applications (component: Internal Operations (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Lending and Leasing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Lending and Leasing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Lending and Leasing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Lending and Leasing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Virtual Account Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data as well as unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Electronic Data Exchange for Corporates, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Electronic Data Exchange for Corporates accessible data as well as unauthorized read access to a subset of Oracle Banking Electronic Data Exchange for Corporates accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (jsoup)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending Process Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending Process Management accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9100V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13701V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-10484V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9100V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13701V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-10484V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9100V-14.5.0-14.7.0", "P-14393V-14.5.0-14.7.0", "P-14324V-14.5.0-14.7.0", "P-13701V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-10484V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-36944", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35767116" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35767098" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35767114" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Scala)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Security (Scala)). Supported versions that are affected are 12.0.0.4-12.0.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Scala)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13701V-14.5.0-14.7.0", "P-2283V-7.4.2.8.0", "P-9742V-12.0.0.4-12.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4-12.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2992676.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13701V-14.5.0-14.7.0", "P-9742V-12.0.0.4-12.0.0.7", "P-2283V-7.4.2.8.0" ] } ] }, { "cve": "CVE-2022-37434", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Management", "text": "34711832" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "34711756" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interactive Engine SEC (zlib)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Management product of Oracle Hyperion (component: Security (zlib)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hyperion Financial Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Financial Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0", "P-4390V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4390V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4390V-11.2.14.0.000", "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2022-3786", "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "34761430" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4379V-21.5.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4379V-21.5.3.0.0" ] } ] }, { "cve": "CVE-2022-40152", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "36131918" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Endeca Integration (Woodstox)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993583.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9348V-11.3.2" ] } ] }, { "cve": "CVE-2022-40896", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35766261" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: NMS Monitor (Pygments)). Supported versions that are affected are 2.6.0.0 and 2.6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Utilities Network Management System executes to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2241V-2.6.0.0", "P-2241V-2.6.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.6.0.0", "P-2241V-2.6.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2241V-2.6.0.0", "P-2241V-2.6.0.1" ] } ] }, { "cve": "CVE-2022-41409", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Notification Server)V-19.3-19.21", "P-5(Oracle Notification Server)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35698030" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Notification Server (PCRE2) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Notification Server)V-21.3-21.12", "P-5(Oracle Notification Server)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Notification Server)V-19.3-19.21", "P-5(Oracle Notification Server)V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Notification Server)V-19.3-19.21", "P-5(Oracle Notification Server)V-21.3-21.12" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Notification Server)V-19.3-19.21", "P-5(Oracle Notification Server)V-21.3-21.12" ] } ] }, { "cve": "CVE-2022-41704", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "35760837" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (Apache Batik)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Financial Reporting executes to compromise Oracle Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8776V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-8776V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2022-42003", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "34811597" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34816380" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Virtualization", "text": "34811576" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34816306" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34811611" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "34811645" }, { "system_name": "Oracle Bug ID of Oracle Banking Extensibility Workbench", "text": "34811602" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Virtualization product of Oracle Enterprise Manager (component: Plug-In Lifecycle (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Virtualization. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Extensibility Workbench product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Extensibility Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Extensibility Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370(Agent Next Gen)V-13.5.0.0", "P-1370(Extensibility Framework)V-13.5.0.0", "P-13701V-14.5.0-14.7.0", "P-9586V-13.5.0.0", "P-14124V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370(Agent Next Gen)V-13.5.0.0", "P-1370(Extensibility Framework)V-13.5.0.0", "P-9586V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0-14.7.0", "P-14124V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370(Agent Next Gen)V-13.5.0.0", "P-1370(Extensibility Framework)V-13.5.0.0", "P-13701V-14.5.0-14.7.0", "P-9586V-13.5.0.0", "P-14124V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-42004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "34811597" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34816380" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Virtualization", "text": "34811576" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34816306" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "34811611" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "34811645" }, { "system_name": "Oracle Bug ID of Oracle Banking Extensibility Workbench", "text": "34811602" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Virtualization product of Oracle Enterprise Manager (component: Plug-In Lifecycle (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Virtualization. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Extensibility Workbench product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Extensibility Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Extensibility Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (jackson-databind)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13701V-14.5.0-14.7.0", "P-9586V-13.5.0.0", "P-14124V-14.5.0-14.7.0", "P-1370V-13.5.0.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9586V-13.5.0.0", "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0-14.7.0", "P-14124V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13701V-14.5.0-14.7.0", "P-9586V-13.5.0.0", "P-14124V-14.5.0-14.7.0", "P-1370V-13.5.0.0", "P-13487V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2022-42889", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9617V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "35814811" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9617V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9617V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9617V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-42890", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "35760837" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (Apache Batik)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Financial Reporting executes to compromise Oracle Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8776V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-8776V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2022-42920", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35674084" }, { "system_name": "Oracle Bug ID of Oracle Retail Advanced Inventory Planning", "text": "35674167" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35674116" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: Order and Service Management (Apache Commons BCEL)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Xalan-Java)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Advanced Inventory Planning product of Oracle Retail Applications (component: Operations and Maintenance (Apache Commons BCEL)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Advanced Inventory Planning. Successful attacks of this vulnerability can result in takeover of Oracle Retail Advanced Inventory Planning. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9190V-8.1.2.5", "P-1785V-15.0.3", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-1785V-16.0.3", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0", "P-9190V-8.1.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992488.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1785V-15.0.3", "P-1785V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9190V-8.1.2.5", "P-1785V-15.0.3", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-1785V-16.0.3", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0", "P-9190V-8.1.1.1" ] } ] }, { "cve": "CVE-2022-4304", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35748368" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Pipeline Test Failures, Installation (OpenSSL)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-4450", "ids": [ { "system_name": "Oracle Bug ID of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers", "text": "36122782" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (OpenSSL)). Supported versions that are affected are Prior to XCP2430, prior to XCP3130 and prior to XCP4040. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10656V-prior to XCP4040", "P-10656V-prior to XCP3130", "P-10656V-Prior to XCP2430" ] } ] }, { "cve": "CVE-2022-44729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35850745" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35797591" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35753949" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "35760837" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: BPM Composer (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (Apache Batik)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Financial Reporting executes to compromise Oracle Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Presentation Services (Apache Batik)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 2.7.1, 2.8.0, 2.9.0, 2.9.1, 3.0.0-3.2.0, 4.0.0, 5.0.0, 5.1.0 and 6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0", "P-8776V-11.2.14.0.000", "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-5.1.0", "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0", "P-5322V-4.0.0", "P-2025V-7.0.0.0.0", "P-5322V-2.9.1", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0", "P-5322V-3.0.0-3.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-4.0.0", "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-2.9.1", "P-5322V-5.1.0", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0", "P-5322V-3.0.0-3.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-8776V-11.2.14.0.000", "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-5.1.0", "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0", "P-5322V-4.0.0", "P-2025V-7.0.0.0.0", "P-5322V-2.9.1", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0", "P-5322V-3.0.0-3.2.0" ] } ] }, { "cve": "CVE-2022-44730", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "35760837" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (Apache Batik)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Financial Reporting executes to compromise Oracle Hyperion Financial Reporting. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8776V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-8776V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2022-45868", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35606513" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (H2 Database)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.2.8.0" ] } ] }, { "cve": "CVE-2022-46337", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12", "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21" ] }, { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36043104" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36071492" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Fleet Patching and Provisioning (Apache Derby) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Derby)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5242V-12.2.1.4.0", "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21", "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12", "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12", "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12", "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.12", "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.21" ] }, { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-46751", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35787264" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35787260" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Apache Ivy)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Automated Test Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Apache Ivy)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ] } ] }, { "cve": "CVE-2022-46908", "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35064943" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (SQLite)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Workbench executes to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data as well as unauthorized access to critical data or complete access to all MySQL Workbench accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-4627V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2022-48174", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35961362" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: OSO (BusyBox)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14125V-23.3.1" ] } ] }, { "cve": "CVE-2023-0464", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35475165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2023-0465", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35475165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2023-0466", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35475165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2023-1108", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119533" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Undertow)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14119V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996603.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14119V-23.3.1" ] } ] }, { "cve": "CVE-2023-1370", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35408082" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35408084" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35408077" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35408079" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35408080" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (json-smart)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (json-smart)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (json-smart)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (json-smart)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (json-smart)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.5.0-14.7.0", "P-14195V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2023-1436", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Private Banking", "text": "35436154" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Virtual Infrastructure", "text": "35436074" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Database", "text": "35927443" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35436114" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35436118" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35436104" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35436259" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "35436149" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35927488" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35436072" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35436108" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Orchestrator", "text": "35436082" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (Jettison)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: EM/OCI Bridge (Jettison)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Oracle Database. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Jettison)). Supported versions that are affected are Prior to 23.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Private Banking product of Oracle Financial Services Applications (component: Miscellaneous (Jettison)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Jettison)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Jettison)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin (Jettison)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Jettison)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Jettison)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Jettison)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Virtual Infrastructure product of Oracle Enterprise Manager (component: Nimbula Generic Bugs (Jettison)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Virtual Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Oracle Virtual Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Jettison)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-Prior to 23.8", "P-14195V-14.5.0-14.7.0", "P-1369V-13.5.0.0", "P-9835V-12.4.0.0", "P-9110V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-11681V-Prior to 9.2.8.0", "P-10665V-13.5.0.0", "P-1366V-13.5.0.0", "P-1370V-13.5.0.0", "P-13872V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10665V-13.5.0.0", "P-1369V-13.5.0.0", "P-9835V-12.4.0.0", "P-1366V-13.5.0.0", "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-Prior to 23.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2993345.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-13872V-14.5.0-14.7.0", "P-9110V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11681V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9008V-Prior to 23.8", "P-14195V-14.5.0-14.7.0", "P-13703V-14.5.0-14.7.0", "P-11681V-Prior to 9.2.8.0", "P-10665V-13.5.0.0", "P-1369V-13.5.0.0", "P-9835V-12.4.0.0", "P-1366V-13.5.0.0", "P-1370V-13.5.0.0", "P-13872V-14.5.0-14.7.0", "P-9110V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2023-20863", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.16" ] } ], "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Big Data and Application Adapters", "text": "35351053" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Application Adapters (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5760V-19.1.0.0.0-19.1.0.0.16" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.16" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5760V-19.1.0.0.0-19.1.0.0.16" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.16" ] } ] }, { "cve": "CVE-2023-20883", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35576904" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Spring Boot)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] } ] }, { "cve": "CVE-2023-21833", "ids": [ { "system_name": "Oracle Bug ID of Oracle ZFS Storage Appliance Kit", "text": "35548664" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10026V-8.8" ] } ] }, { "acknowledgments": [ { "names": [ "Khanh Nguyen" ] } ], "cve": "CVE-2023-21901", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "34753549" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2995877.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ] } ] }, { "cve": "CVE-2023-21949", "ids": [ { "system_name": "Oracle Bug ID of Oracle Fusion Middleware", "text": "36080379" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Fusion Middleware (component: Oracle Database Client for Fusion Middleware). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1032V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1032V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1032V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22102", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36122005" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36121942" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119484" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform). The supported version that is affected is 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Exposure Function, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade). Supported versions that are affected are 23.1.4 and 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Repository Function, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling). The supported version that is affected is 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14118V-23.1.4", "P-14119V-23.3.1", "P-14122V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996601.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1", "P-14118V-23.1.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996603.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14118V-23.1.4", "P-14119V-23.3.1", "P-14122V-23.3.1" ] } ] }, { "cve": "CVE-2023-2283", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35548740" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35548717" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35548736" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35548745" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (libssh)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Console accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libssh)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libssh)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Workbench accessible data as well as unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-8479V-8.0.34 and prior", "P-14250V-23.3.1", "P-8479V-8.1.0", "P-4627V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-4627V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14250V-23.3.1", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-4627V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-23931", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35120810" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Cryptography)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-24998", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "36045100" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Compliance Studio", "text": "35170861" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35772386" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Commons FileUpload)). Supported versions that are affected are 18.0.0.14 and 19.0.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Pricing Services (Apache Commons FileUpload)). Supported versions that are affected are 5.0.0 and 5.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (Apache Commons FileUpload)). The supported version that is affected is 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-5.1.0", "P-13388V-18.0.0.14", "P-5322V-5.0.0", "P-14392V-8.1.2.5", "P-13388V-19.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-5.0.0", "P-5322V-5.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14392V-8.1.2.5" ], "url": "https://support.oracle.com/rs?type=doc&id=2992388.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5322V-5.0.0", "P-14392V-8.1.2.5", "P-5322V-5.1.0", "P-13388V-18.0.0.14", "P-13388V-19.0.0.8" ] } ] }, { "cve": "CVE-2023-25194", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35127311" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Apache Kafka)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.2.8.0" ] } ] }, { "cve": "CVE-2023-2617", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35631765" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "35631756" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (OpenCV)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (OpenCV)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-13304V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-13304V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2023-2618", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35631765" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "35631756" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (OpenCV)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (OpenCV)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-13304V-14.5.0-14.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-13304V-14.5.0-14.7.0" ] } ] }, { "cve": "CVE-2023-2650", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35475165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "cve": "CVE-2023-27391", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35788358" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Integrated Performance Primitives)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.2.8.0" ] } ] }, { "cve": "CVE-2023-28439", "ids": [ { "system_name": "Oracle Bug ID of Oracle Analytics Desktop", "text": "35266089" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Visual Analyzer Integration (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Analytics Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Analytics Desktop, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Analytics Desktop accessible data as well as unauthorized read access to a subset of Oracle Analytics Desktop accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12791V-7.0.0.0.0", "P-12791V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12791V-7.0.0.0.0", "P-12791V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-12791V-7.0.0.0.0", "P-12791V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-28484", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35431053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libxml2)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ] } ] }, { "cve": "CVE-2023-28755", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35435915" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: One-Click Provisioning (Ruby)). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2023-28756", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35435915" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: One-Click Provisioning (Ruby)). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2023-28823", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35788358" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Integrated Performance Primitives)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2283V-7.4.2.8.0" ] } ] }, { "cve": "CVE-2023-29469", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35431053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libxml2)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ] } ] }, { "cve": "CVE-2023-2975", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35702892" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-2976", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13824V-21.3-21.12", "P-13373V-Prior to 19.5.40", "P-13824V-19.3-19.21" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "35554282" }, { "system_name": "Oracle Bug ID of SQLcl (Google Guava)", "text": "35770294" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35734936" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35583499" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35770309" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware", "text": "36080379" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "36159196" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "35770306" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35770229" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35770303" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergence", "text": "35770226" }, { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35770149" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35896602" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35770227" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35770205" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "35770279" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Lending and Leasing", "text": "35770246" }, { "system_name": "Oracle Bug ID of Oracle Banking Enterprise Default Management", "text": "35770147" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35770178" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35770165" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "35770243" }, { "system_name": "Oracle Bug ID of Oracle Banking Collections and Recovery", "text": "35891928" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35770153" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web (Google Guava)). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.20, 21.12.0-21.12.17 and 22.12.0-22.12.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Google Guava)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17 and 22.12.0-22.12.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data as well as unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Collections and Recovery product of Oracle Financial Services Applications (component: Infrastructure (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Collections and Recovery executes to compromise Oracle Banking Collections and Recovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Collections and Recovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Collections and Recovery accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Google Guava)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Fusion Middleware (component: Oracle Database Client for Fusion Middleware). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: User Interface (Google Guava)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.1, 2.5.0.2, 2.6.0.0 and 2.6.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Utilities Network Management System executes to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Network Management System accessible data as well as unauthorized access to critical data or complete access to all Oracle Utilities Network Management System accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Google Guava) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Lending and Leasing product of Oracle Financial Services Applications (component: Internal Operations (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Lending and Leasing executes to compromise Oracle Financial Services Lending and Leasing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Lending and Leasing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Lending and Leasing accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Investor Servicing executes to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Google Guava)). The supported version that is affected is 8.1.0.24.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Messaging Server executes to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Messaging Server accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Messaging Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Google Guava)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Service Catalog and Design accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Application (Google Guava)). The supported version that is affected is 3.0.3.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Convergence executes to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Convergence accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Convergence accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Google Guava)). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Charging (Google Guava)). Supported versions that are affected are 12.0.0.4-12.0.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications BRM - Elastic Charging Engine accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Open Search, Elastic Search, File Processing (Google Guava)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Virtual Account Management executes to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Party Management executes to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Party Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (Google Guava)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Enterprise Default Management executes to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Enterprise Default Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Enterprise Default Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Google Guava)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Behavior Detection Platform executes to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Behavior Detection Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: SOA (Google Guava)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (Google Guava)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle JDeveloper accessible data as well as unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Google Guava)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Agile PLM executes to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13929V-14.5.0-14.7.0", "P-10354V-19.12.0-19.12.16", "P-5325V-12.2.1.4.0", "P-13487V-14.5.0-14.7.0", "P-2241V-2.5.0.2", "P-2283V-7.4.2.8.0", "P-2241V-2.5.0.1", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5579V-19.12.0-19.12.22", "P-8496V-8.1.0.24.0", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-4461V-9.3.6", "P-8501V-3.0.3.2", "P-5579V-20.12.0-20.12.20", "P-2241V-2.6.0.0", "P-2241V-2.6.0.1", "P-9190V-8.1.1.1", "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9742V-12.0.0.4-12.0.0.8", "P-5085V-8.59", "P-13390V-14.5.0-14.7.0", "P-1032V-12.2.1.4.0", "P-5579V-22.12.0-22.12.10", "P-2241V-2.3.0.2", "P-5579V-21.12.0-21.12.17", "P-14742V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0", "P-10899V-9.0.0.0", "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-2241V-2.4.0.1", "P-5085V-8.61", "P-5085V-8.60", "P-10484V-14.5.0-14.7.0", "P-807V-12.2.1.4.0" ], "known_not_affected": [ "P-13824V-19.3-19.21", "P-13824V-21.3-21.12", "P-13373V-Prior to 19.5.40" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-5579V-19.12.0-19.12.22", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-5579V-22.12.0-22.12.10", "P-5579V-20.12.0-20.12.20", "P-5579V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=2993521.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0-14.7.0", "P-14742V-14.5.0-14.7.0", "P-10484V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1032V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-2241V-2.6.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13824V-21.3-21.12", "P-13373V-Prior to 19.5.40", "P-13824V-19.3-19.21" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.24.0", "P-8501V-3.0.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2995877.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4-12.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992676.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2993343.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-14.5.0-14.7.0", "P-13390V-14.5.0-14.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992598.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992488.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13929V-14.5.0-14.7.0", "P-5325V-12.2.1.4.0", "P-13487V-14.5.0-14.7.0", "P-2241V-2.5.0.2", "P-2283V-7.4.2.8.0", "P-2241V-2.5.0.1", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5579V-19.12.0-19.12.22", "P-8496V-8.1.0.24.0", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-4461V-9.3.6", "P-8501V-3.0.3.2", "P-5579V-20.12.0-20.12.20", "P-2241V-2.6.0.0", "P-2241V-2.6.0.1", "P-9190V-8.1.1.1", "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9742V-12.0.0.4-12.0.0.8", "P-5085V-8.59", "P-13390V-14.5.0-14.7.0", "P-5579V-22.12.0-22.12.10", "P-2241V-2.3.0.2", "P-5579V-21.12.0-21.12.17", "P-14742V-14.5.0-14.7.0", "P-9099V-14.5.0-14.7.0", "P-10899V-9.0.0.0", "P-2241V-2.4.0.1", "P-5085V-8.61", "P-5085V-8.60", "P-10484V-14.5.0-14.7.0", "P-807V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16" ] }, { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1032V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13824V-21.3-21.12", "P-13824V-19.3-19.21" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13373V-Prior to 19.5.40" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13824V-21.3-21.12", "P-13373V-Prior to 19.5.40", "P-13824V-19.3-19.21" ] } ] }, { "cve": "CVE-2023-30861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35450249" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Flask)). Supported versions that are affected are 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.1.0", "P-14125V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.1.0", "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-23.1.0", "P-14125V-23.2.0" ] } ] }, { "cve": "CVE-2023-31122", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35958438" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "36123753" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.0.0-5.5.19 and 6.0.0-6.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "known_not_affected": [ "P-1522V-Prior to 18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-31484", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35905919" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35905918" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Perl)). The supported version that is affected is 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Perl)). Supported versions that are affected are 23.2.0 and 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14130V-23.2.0", "P-14130V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14130V-23.2.0", "P-14130V-23.3.1" ] } ] }, { "cve": "CVE-2023-31486", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35905919" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35905918" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Perl)). The supported version that is affected is 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Perl)). Supported versions that are affected are 23.2.0 and 23.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14130V-23.2.0", "P-14130V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14130V-23.2.0", "P-14130V-23.3.1" ] } ] }, { "cve": "CVE-2023-31582", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14250V-23.3.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36121937" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119513" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36118146" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36121878" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (jose4j)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (jose4j)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (jose4j)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (jose4j)). Supported versions that are affected are 23.1.4 and 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14118V-23.1.4", "P-14119V-23.3.1", "P-14122V-23.3.1" ], "known_not_affected": [ "P-14250V-23.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996603.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996601.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1", "P-14118V-23.1.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.3.1" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14118V-23.1.4", "P-14119V-23.3.1", "P-14122V-23.3.1" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14250V-23.3.1" ] } ] }, { "cve": "CVE-2023-32002", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35815301" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: One-Click Provisioning (Node.js)). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2023-32006", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35815301" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: One-Click Provisioning (Node.js)). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2023-32559", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35815301" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: One-Click Provisioning (Node.js)). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2023-32697", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35466897" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (SQLite)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in takeover of Oracle SOA Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-33201", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-13373V-Prior to 1.6" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35761809" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Revenue Management and Billing", "text": "35763371" }, { "system_name": "Oracle Bug ID of Oracle Banking Extensibility Workbench", "text": "35761782" }, { "system_name": "Oracle Bug ID of Oracle Utilties Application Framework", "text": "35761860" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "35761850" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35761799" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35761778" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35761789" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35761877" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "35761878" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35761769" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35761816" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35761806" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Lending and Leasing", "text": "35761828" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Bouncy Castle Java Library)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Extensibility Workbench product of Oracle Financial Services Applications (component: Infrastructure (Bouncy Castle Java Library)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Banking Extensibility Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Extensibility Workbench accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Bouncy Castle Java Library)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Bouncy Castle Java Library)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Bouncy Castle Java Library)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Bouncy Castle Java Library)). Supported versions that are affected are 2.7.1, 2.8.0, 2.9.0, 2.9.1, 3.0.0, 3.1.0, 3.2.0, 4.0.0, 5.0.0, 5.1.0 and 6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: OCI Framework (Bouncy Castle Java Library)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Lending and Leasing product of Oracle Financial Services Applications (component: Internal Operations (Bouncy Castle Java Library)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Financial Services Lending and Leasing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Lending and Leasing accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Bouncy Castle Java Library)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilties Application Framework product of Oracle Utilities Applications (component: General (Bouncy Castle Java Library)). Supported versions that are affected are 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1 and 4.5.0.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Utilties Application Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Utilties Application Framework accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Third Party (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Bouncy Castle Java Library)). The supported version that is affected is 8.1.0.24.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Messaging Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-5.1.0", "P-2245V-4.3.0.6.0", "P-13487V-14.5.0-14.7.0", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-8496V-8.1.0.24.0", "P-13701V-14.5.0-14.7.0", "P-10198V-12.2.1.4.0", "P-14124V-14.5.0-14.7.0", "P-5322V-2.9.1", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0", "P-14118V-23.3.1", "P-5322V-3.0.0", "P-5322V-3.2.0", "P-5322V-3.1.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-5322V-4.0.0", "P-2245V-4.5.0.1.3", "P-9617V-12.2.1.4.0", "P-1370V-13.5.0.0", "P-10484V-14.5.0-14.7.0" ], "known_not_affected": [ "P-13373V-Prior to 1.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0", "P-9617V-12.2.1.4.0", "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0-14.7.0", "P-14124V-14.5.0-14.7.0", "P-13487V-14.5.0-14.7.0", "P-10484V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5322V-3.0.0", "P-5322V-3.2.0", "P-5322V-3.1.0", "P-5322V-4.0.0", "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-2.9.1", "P-5322V-5.1.0", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996660.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-Prior to 1.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.5.0.1.3", "P-2245V-4.5.0.1.1", "P-2245V-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.24.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5322V-5.0.0", "P-5322V-6.0.0", "P-5322V-5.1.0", "P-2245V-4.3.0.6.0", "P-13487V-14.5.0-14.7.0", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-8496V-8.1.0.24.0", "P-13701V-14.5.0-14.7.0", "P-10198V-12.2.1.4.0", "P-14124V-14.5.0-14.7.0", "P-5322V-2.9.1", "P-5322V-2.9.0", "P-5322V-2.7.1", "P-5322V-2.8.0", "P-14118V-23.3.1", "P-5322V-3.0.0", "P-5322V-3.2.0", "P-5322V-3.1.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-5322V-4.0.0", "P-2245V-4.5.0.1.3", "P-9617V-12.2.1.4.0", "P-1370V-13.5.0.0", "P-10484V-14.5.0-14.7.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13373V-Prior to 1.6" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-13373V-Prior to 1.6" ] } ] }, { "cve": "CVE-2023-34034", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14250V-23.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35677925" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35677914" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35677904" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35677906" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35677902" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "35677930" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35677920" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Spring Security)). Supported versions that are affected are 21.1.0, 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (Spring Security)). Supported versions that are affected are 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Spring Security)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Spring Boot)). Supported versions that are affected are 23.2.0 and 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-14130V-23.2.0", "P-13701V-14.5.0-14.7.0", "P-14130V-23.3.1", "P-13304V-14.5.0-14.7.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-2283V-7.4.2.8.0" ], "known_not_affected": [ "P-14250V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-13701V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2992387.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-14130V-23.2.0", "P-13701V-14.5.0-14.7.0", "P-14130V-23.3.1", "P-13304V-14.5.0-14.7.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-2283V-7.4.2.8.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.3.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14250V-23.3.0" ] } ] }, { "cve": "CVE-2023-34035", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14250V-23.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35677914" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35677925" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35677904" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35677906" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35677902" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35677920" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Spring Security)). Supported versions that are affected are 21.1.0, 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Security)). Supported versions that are affected are 14.5.0-14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Spring Boot)). Supported versions that are affected are 23.2.0 and 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Spring Security)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in takeover of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-14130V-23.2.0", "P-13701V-14.5.0-14.7.0", "P-14130V-23.3.1", "P-13304V-14.5.0-14.7.0", "P-2283V-7.4.2.8.0" ], "known_not_affected": [ "P-14250V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-13701V-14.5.0-14.7.0", "P-13304V-14.5.0-14.7.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-23.2.0", "P-14130V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-14130V-23.2.0", "P-13701V-14.5.0-14.7.0", "P-14130V-23.3.1", "P-13304V-14.5.0-14.7.0", "P-2283V-7.4.2.8.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.3.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14250V-23.3.0" ] } ] }, { "cve": "CVE-2023-34053", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "36110689" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Third Party (Spring Framework)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994883.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ] } ] }, { "cve": "CVE-2023-34055", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "36118248" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "36101537" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Third Party (Spring Boot)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Boot)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14250V-23.3.1", "P-14547V-23.3.0.0.0", "P-14547V-23.2.0.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994883.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14250V-23.3.1", "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ] } ] }, { "cve": "CVE-2023-34453", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36030436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-34454", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36030436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-34455", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36030436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-3446", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35702892" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35748368" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Pipeline Test Failures, Installation (OpenSSL)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-34462", "ids": [ { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "35576795" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35576805" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: NMS Monitor (Netty)). Supported versions that are affected are 2.5.0.1, 2.5.0.2 and 2.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle NoSQL Database (component: Administration (Netty)). Supported versions that are affected are Prior to 19.5.40, Prior to 20.3.38, Prior to 21.2.30, Prior to 22.3.94 and Prior to 23.1.29. Easily exploitable vulnerability allows low privileged attacker with network access via TLS to compromise Oracle NoSQL Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle NoSQL Database. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13373V-Prior to 23.1.29", "P-13373V-Prior to 19.5.40", "P-13373V-Prior to 20.3.38", "P-13373V-Prior to 22.3.94", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-13373V-Prior to 21.2.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-Prior to 23.1.29", "P-13373V-Prior to 19.5.40", "P-13373V-Prior to 20.3.38", "P-13373V-Prior to 22.3.94", "P-13373V-Prior to 21.2.30" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13373V-Prior to 23.1.29", "P-13373V-Prior to 19.5.40", "P-13373V-Prior to 20.3.38", "P-13373V-Prior to 22.3.94", "P-13373V-Prior to 21.2.30" ] } ] }, { "cve": "CVE-2023-34624", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35734882" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (HtmlCleaner)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4461V-9.3.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4461V-9.3.6" ] } ] }, { "cve": "CVE-2023-34981", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Instant Messaging Server", "text": "35627521" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: Installation (Apache Tomcat)). The supported version that is affected is 10.0.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Instant Messaging Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8495V-10.0.1.7.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8495V-10.0.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8495V-10.0.1.7.0" ] } ] }, { "cve": "CVE-2023-35141", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-35887", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "35774638" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Mina SSHD)). The supported version that is affected is 19.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13388V-19.0.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-19.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13388V-19.0.0.8" ] } ] }, { "cve": "CVE-2023-36054", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35765687" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35765685" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Kerberos)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Kerberos)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.34 and prior", "P-8478V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-3635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "35798094" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Okio)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-36478", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35998979" }, { "system_name": "Oracle Bug ID of Oracle Retail EFTLink", "text": "35999013" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36122066" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35998989" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35998995" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35998994" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "35999009" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35998992" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35998990" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Element Manager product of Oracle Communications (component: Third Party (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Report Manager product of Oracle Communications (component: Third Party (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Install (Eclipse Jetty)). Supported versions that are affected are 20.0.1 and 21.0.0-23.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail EFTLink. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Eclipse Jetty)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11516V-21.0.0-23.0.0", "P-14118V-23.3.1", "P-11516V-20.0.1", "P-2545V-12.2.1.4.0", "P-14547V-23.2.0.0.2", "P-14122V-23.3.1", "P-2545V-14.1.1.0.0", "P-14547V-23.3.0.0.0", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "known_not_affected": [ "P-14069V-Prior to 22.4.6", "P-10770V-9.4.53", "P-11052V-9.4.53", "P-14069V-Prior to 23.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.4.53" ], "url": "https://support.oracle.com/rs?type=doc&id=2994838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.4.53" ], "url": "https://support.oracle.com/rs?type=doc&id=2994862.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11516V-21.0.0-23.0.0", "P-11516V-20.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996601.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0.0.2", "P-14547V-23.3.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994883.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11516V-21.0.0-23.0.0", "P-14118V-23.3.1", "P-11516V-20.0.1", "P-2545V-12.2.1.4.0", "P-14547V-23.2.0.0.2", "P-14122V-23.3.1", "P-2545V-14.1.1.0.0", "P-14547V-23.3.0.0.0", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6" ] } ] }, { "cve": "CVE-2023-36479", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "35880649" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35840636" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Configuration (Eclipse Jetty)). Supported versions that are affected are 23.3.0 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994863.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-36632", "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35906686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (Python)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4627V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-37536", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5760V-19.1.0.0.0-19.1.0.0.16", "P-5760V-21.3-21.12", "P-5757V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications MetaSolv Solution", "text": "35955456" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35955457" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35955452" }, { "system_name": "Oracle Bug ID of GoldenGate Big Data and Application Adapters", "text": "35955485" }, { "system_name": "Oracle Bug ID of Oracle Communications IP Service Activator", "text": "35955453" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "35955450" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "35955483" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35955451" }, { "system_name": "Oracle Bug ID of Oracle Communications ASAP", "text": "35955449" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications ASAP product of Oracle Communications Applications (component: Security (Apache Xerces-C++)). The supported version that is affected is 7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications ASAP. Successful attacks of this vulnerability can result in takeover of Oracle Communications ASAP. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Platform (Apache Xerces-C++)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common Functions (Apache Xerces-C++)). Supported versions that are affected are 12.0.1.0.0-12.0.6.0.0 and 6.0.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Xerces-C++)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: PolicyServer (Apache Xerces-C++)). Supported versions that are affected are 7.4.0 and 7.5.0. Easily exploitable vulnerability allows physical access to compromise Oracle Communications IP Service Activator. Successful attacks of this vulnerability can result in takeover of Oracle Communications IP Service Activator. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: UI General (Apache Xerces-C++)). The supported version that is affected is 6.3.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in takeover of Oracle Communications MetaSolv Solution. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common Functions (Apache Xerces-C++)). Supported versions that are affected are 12.0.1.0.0-12.0.6.0.0 and 6.0.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (Apache Xerces-C++)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Application Adapters (Apache Xerces-C++)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-12985V-6.0.1.0.0", "P-12985V-12.0.1.0.0-12.0.6.0.0", "P-2136V-15.0.0.0.0", "P-2261V-7.4.0", "P-2267V-6.3.1.0.0", "P-2261V-7.5.0", "P-10899V-8.6.0.0", "P-4623V-6.0.1.0.0", "P-2260V-7.4", "P-4623V-12.0.1.0.0-12.0.6.0.0" ], "known_not_affected": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5760V-19.1.0.0.0-19.1.0.0.16", "P-5760V-21.3-21.12", "P-5757V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2260V-7.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2992397.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-2136V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992408.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12985V-6.0.1.0.0", "P-12985V-12.0.1.0.0-12.0.6.0.0", "P-4623V-6.0.1.0.0", "P-4623V-12.0.1.0.0-12.0.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992468.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2261V-7.4.0", "P-2261V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992410.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2267V-6.3.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992415.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5760V-19.1.0.0.0-19.1.0.0.16", "P-5760V-21.3-21.12", "P-5757V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-12985V-6.0.1.0.0", "P-12985V-12.0.1.0.0-12.0.6.0.0", "P-2136V-15.0.0.0.0", "P-2267V-6.3.1.0.0", "P-10899V-8.6.0.0", "P-4623V-6.0.1.0.0", "P-2260V-7.4", "P-4623V-12.0.1.0.0-12.0.6.0.0" ] }, { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2261V-7.4.0", "P-2261V-7.5.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5760V-19.1.0.0.0-19.1.0.0.16", "P-5760V-21.3-21.12", "P-5757V-21.3-21.12" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5760V-19.1.0.0.0-19.1.0.0.16", "P-5760V-21.3-21.12", "P-5757V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-38039", "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (curl)", "text": "35914430" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (curl) component of Oracle Database Server. Supported versions that are affected are 19.3-19.21, 21.3-21.12 and 23.3. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (curl). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (curl). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-3817", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35702892" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35748368" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server, Pipeline Test Failures, Installation (OpenSSL)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-3823", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35743353" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-Prior to 18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-3824", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35743353" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-Prior to 18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-38325", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35697978" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35896620" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Cryptography)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-38545", "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (curl)", "text": "35914430" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35954048" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35954023" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35954051" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (curl) component of Oracle Database Server. Supported versions that are affected are 19.3-19.21, 21.3-21.12 and 23.3. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (curl). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (curl). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (curl)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (curl)). The supported version that is affected is 21.5.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOCKS5 to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Third Party (curl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12", "P-4379V-21.5.3.0.0", "P-8479V-8.0.34 and prior", "P-1042V-12.2.1.4.0", "P-8479V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12", "P-4379V-21.5.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4379V-21.5.3.0.0", "P-8479V-8.0.34 and prior", "P-1042V-12.2.1.4.0", "P-8479V-8.1.0" ] } ] }, { "cve": "CVE-2023-38546", "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (curl)", "text": "35914430" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35954048" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35954023" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35954051" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (curl)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (curl) component of Oracle Database Server. Supported versions that are affected are 19.3-19.21, 21.3-21.12 and 23.3. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (curl). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (curl). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (curl)). The supported version that is affected is 21.5.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOCKS5 to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Third Party (curl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-4379V-21.5.3.0.0", "P-619V-21.3-21.12", "P-8479V-8.0.34 and prior", "P-1042V-12.2.1.4.0", "P-8479V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12", "P-4379V-21.5.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4379V-21.5.3.0.0", "P-8479V-8.0.34 and prior", "P-1042V-12.2.1.4.0", "P-8479V-8.1.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-23.3", "P-619V-19.3-19.21", "P-619V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-39151", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-39318", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35838582" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 21.1.1.19.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ] }, { "cve": "CVE-2023-39319", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35838582" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 21.1.1.19.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ] }, { "cve": "CVE-2023-39320", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35838582" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 21.1.1.19.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ] }, { "cve": "CVE-2023-39321", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35838582" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 21.1.1.19.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ] }, { "cve": "CVE-2023-39322", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35838582" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 21.1.1.19.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 21.1.1.19.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 21.1.1.19.0" ] } ] }, { "cve": "CVE-2023-39410", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35962599" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35878265" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35926864" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: BPM Composer (Apache Avro)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Avro)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Avro)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0", "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-39975", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35765687" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35765685" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Kerberos)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Kerberos)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.34 and prior", "P-8478V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-40167", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35998979" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "35880649" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35840636" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Configuration (Eclipse Jetty)). Supported versions that are affected are 23.3.0 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14489V-23.4.0", "P-14489V-23.3.0", "P-2545V-14.1.1.0.0", "P-2545V-12.2.1.4.0" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994863.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2545V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-4043", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(SQLcl)V-21.3-21.12", "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36018645" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36020742" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Eclipse parsson) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Eclipse parsson) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(SQLcl)V-21.3-21.12", "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(SQLcl)V-21.3-21.12", "P-5(Oracle Database Workload Manager)V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(SQLcl)V-21.3-21.12", "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(SQLcl)V-21.3-21.12", "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-41053", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35837990" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Redis)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-41105", "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35906686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (Python)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Workbench accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4627V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-41900", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "35880649" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35840636" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Configuration (Eclipse Jetty)). Supported versions that are affected are 23.3.0 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994863.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-42503", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5547V-22.2.0", "P-5547V-23.1.0", "P-5547V-21.4.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35853150" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35966322" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35853143" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35853154" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "35853134" }, { "system_name": "Oracle Bug ID of Oracle SQL Developer", "text": "35853233" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35853234" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35853127" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "35853226" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35853129" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35853217" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35853228" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Apache Commons Compress)). The supported version that is affected is 8.1.0.24.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Messaging Server executes to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Apache Commons Compress)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Service Catalog and Design executes to compromise Oracle Communications Service Catalog and Design. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (Apache Commons Compress)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (Apache Commons Compress)). The supported version that is affected is 21.5.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Essbase executes to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Compress)). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: NMS Monitor (Apache Commons Compress)). The supported version that is affected is 2.6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Utilities Network Management System executes to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.20, 21.12.0-21.12.17 and 22.12.0-22.12.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Commons Compress)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17 and 22.12.0-22.12.11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle SQL Developer (component: Data Modeler (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Portal executes to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Commons Compress)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Financial Services Behavior Detection Platform executes to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-19.12.0-19.12.16", "P-4516V-7.4.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-8496V-8.1.0.24.0", "P-5680V-8.1.2", "P-5579V-19.12.0-19.12.22", "P-4379V-21.5.3.0.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-5242V-12.2.1.4.0", "P-5579V-20.12.0-20.12.20", "P-2241V-2.6.0.1", "P-9190V-8.1.1.1", "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-5579V-22.12.0-22.12.10", "P-5579V-21.12.0-21.12.17", "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-5242V-14.1.1.0.0", "P-10354V-21.12.0-21.12.17" ], "known_not_affected": [ "P-5547V-22.2.0", "P-5547V-21.4.2", "P-5547V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.24.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0", "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2992387.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5547V-22.2.0", "P-4379V-21.5.3.0.0", "P-5547V-23.1.0", "P-5547V-21.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2995877.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.6.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992789.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-5579V-19.12.0-19.12.22", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16", "P-5579V-22.12.0-22.12.10", "P-5579V-20.12.0-20.12.20", "P-5579V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=2993521.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992488.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-4516V-7.4.0", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-8496V-8.1.0.24.0", "P-5680V-8.1.2", "P-5242V-14.1.1.0.0", "P-4379V-21.5.3.0.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-5242V-12.2.1.4.0", "P-2241V-2.6.0.1", "P-9190V-8.1.1.1" ] }, { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5579V-19.12.0-19.12.22", "P-5579V-22.12.0-22.12.10", "P-5579V-20.12.0-20.12.20", "P-5579V-21.12.0-21.12.17" ] }, { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5547V-22.2.0", "P-5547V-23.1.0", "P-5547V-21.4.2" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5547V-22.2.0", "P-5547V-23.1.0", "P-5547V-21.4.2" ] } ] }, { "cve": "CVE-2023-42794", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36066696" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35954098" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35950960" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35902146" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35954090" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35791400" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35954092" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI , UI (Apache Tomcat)). Supported versions that are affected are Prior to 23.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.19 and 6.0.0-6.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Grid Infrastructure (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Managed File Transfer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-Prior to 23.12", "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6", "P-10899V-8.6.0.0", "P-11528V-3.0.4" ], "known_not_affected": [ "P-5(Grid Infrastructure)V-21.3-21.12", "P-5(Grid Infrastructure)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-Prior to 23.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2993345.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-11528V-3.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-Prior to 23.12", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11528V-3.0.4" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-42795", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36066696" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35954098" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35950960" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35954090" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35902146" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35791400" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35954092" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Grid Infrastructure (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.19 and 6.0.0-6.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI , UI (Apache Tomcat)). Supported versions that are affected are Prior to 23.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Managed File Transfer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-Prior to 23.12", "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6", "P-10899V-8.6.0.0", "P-11528V-3.0.4" ], "known_not_affected": [ "P-5(Grid Infrastructure)V-21.3-21.12", "P-5(Grid Infrastructure)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-11528V-3.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-Prior to 23.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2993345.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11528V-3.0.4" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-Prior to 23.12", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-43494", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-43495", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3", "P-14123V-23.2.0", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-43496", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-43497", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-43498", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35863168" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35863166" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35863162" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Dashboard (Jenkins)). Supported versions that are affected are 23.1.0, 23.2.0 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-23.2.0", "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14488V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2994836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-14123V-23.1.0", "P-14488V-23.2.1", "P-14488V-23.3.0", "P-14123V-23.2.0", "P-14488V-23.1.3", "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-43622", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35958438" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "36123753" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.0.0-5.5.19 and 6.0.0-6.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "known_not_affected": [ "P-1522V-Prior to 18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-Prior to 18.1.0.2.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-43642", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "36030436" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Snappy)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-43643", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35897232" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (AntiSamy)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-44483", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35977809" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35943377" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35977807" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35977818" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "35977846" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35936013" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35977888" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35977815" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Discussion Forums (Apache Santuario XML Security For Java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache Santuario XML Security For Java)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Apache Santuario XML Security For Java)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Santuario XML Security For Java)). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Santuario XML Security For Java)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.5 and 8.1.2.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Santuario XML Security For Java)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Apache Santuario XML Security For Java)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9190V-8.1.2.5", "P-13789V-8.0.8", "P-9190V-8.1.2.6", "P-5085V-8.59", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-14250V-23.3.1", "P-5680V-8.1.2", "P-5242V-14.1.1.0.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-5242V-12.2.1.4.0", "P-5085V-8.61", "P-5085V-8.60", "P-9190V-8.1.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996591.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2995877.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.6", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992488.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992489.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2993343.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9190V-8.1.2.5", "P-13789V-8.0.8", "P-9190V-8.1.2.6", "P-5085V-8.59", "P-1696V-12.2.1.4.0", "P-2283V-7.4.2.8.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-14250V-23.3.1", "P-5680V-8.1.2", "P-5242V-14.1.1.0.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-5680V-8.0.9", "P-5242V-12.2.1.4.0", "P-5085V-8.61", "P-5085V-8.60", "P-9190V-8.1.1.1" ] } ] }, { "cve": "CVE-2023-44487", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-Prior to 23.3.0" ] }, { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35998989" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35999514" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35950960" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119464" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "36060120" }, { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36043982" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35999560" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35954098" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35999521" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "35999522" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35999523" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35998995" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35998994" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35998992" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35954090" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35998990" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35954092" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36066696" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35998979" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35999525" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "35999009" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35999526" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35999527" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35999528" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35999529" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "36060110" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119408" }, { "system_name": "Oracle Bug ID of Oracle Retail EFTLink", "text": "35999013" }, { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35999554" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "35825497" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "35895339" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35999512" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119424" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35791400" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35902146" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Managed File Transfer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: ORDS (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI , UI (Apache Tomcat)). Supported versions that are affected are Prior to 23.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.19 and 6.0.0-6.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Eclipse Jetty)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Element Manager product of Oracle Communications (component: Third Party (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Report Manager product of Oracle Communications (component: Third Party (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Install (Eclipse Jetty)). Supported versions that are affected are 20.0.1 and 21.0.0-23.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail EFTLink. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Netty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (Netty)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Netty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 23.2.0 and 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common Functions (Netty)). Supported versions that are affected are 12.0.6.0.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Netty)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (Netty)). The supported version that is affected is 8.1.0.24.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Third Party (Netty)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common Functions (Netty)). Supported versions that are affected are 12.0.6.0.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: TimesTen Grid (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Open Search, Elastic Search (Netty)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). Supported versions that are affected are 23.2.0 and 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). Supported versions that are affected are 23.2.0.0.2 and 23.3.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Grid Infrastructure (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Nghttp2)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-Prior to 23.12", "P-14597V-5.5.0-5.5.19", "P-14130(Install/Upgrade)V-23.2.0", "P-14547(General)V-23.2.0.0.2", "P-14130(Install/Upgrade)V-23.3.1", "P-2283(PSR Designer)V-7.4.0.7.0", "P-14547(Install/Upgrade)V-23.3.0.0.0", "P-2545(Third Party)V-12.2.1.4.0", "P-14118(Install/Upgrade)V-23.3.1", "P-8496V-8.1.0.24.0", "P-10198V-12.2.1.4.0", "P-9437V-15.0.0.0.0", "P-4461V-9.3.6", "P-14119(Signaling)V-23.3.1", "P-14123V-23.3.0", "P-14547(Third Party)V-23.3.0.0.0", "P-11528V-3.0.4", "P-4623V-15.0.0.0.0", "P-11516V-21.0.0-23.0.0", "P-12985V-12.0.6.0.0", "P-14597V-6.0.0-6.0.3", "P-4623V-12.0.6.0.0", "P-5085V-8.59", "P-14547(General)V-23.3.0.0.0", "P-12985V-15.0.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-2545(Third Party)V-14.1.1.0.0", "P-9633V-11.3.2", "P-11516V-20.0.1", "P-2283(PSR Designer)V-7.4.1.5.0", "P-2283(PSR Designer)V-7.4.2.8.0", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-10899V-8.6.0.0", "P-14547(Third Party)V-23.2.0.0.2", "P-5085V-8.61", "P-5085V-8.60", "P-14547(Install/Upgrade)V-23.2.0.0.2" ], "known_not_affected": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Grid Infrastructure)V-19.3-19.21", "P-9456V-Prior to 23.3.0", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0", "P-2545(Third Party)V-12.2.1.4.0", "P-2545(Third Party)V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9437V-15.0.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992675.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Grid Infrastructure)V-19.3-19.21", "P-9456V-Prior to 23.3.0", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-11528V-3.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-Prior to 23.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2993345.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install/Upgrade)V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283(PSR Designer)V-7.4.0.7.0", "P-2283(PSR Designer)V-7.4.1.5.0", "P-2283(PSR Designer)V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547(General)V-23.2.0.0.2", "P-14547(Install/Upgrade)V-23.3.0.0.0", "P-14547(General)V-23.3.0.0.0", "P-14547(Third Party)V-23.2.0.0.2", "P-14547(Third Party)V-23.3.0.0.0", "P-14547(Install/Upgrade)V-23.2.0.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2994883.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.4.53" ], "url": "https://support.oracle.com/rs?type=doc&id=2994838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.4.53" ], "url": "https://support.oracle.com/rs?type=doc&id=2994862.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11516V-21.0.0-23.0.0", "P-11516V-20.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992095.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993583.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130(Install/Upgrade)V-23.2.0", "P-14130(Install/Upgrade)V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994716.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0", "P-12985V-15.0.0.0.0", "P-4623V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992468.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.24.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2993343.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:21.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119(Signaling)V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996603.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-Prior to 23.12", "P-14130(Install/Upgrade)V-23.2.0", "P-14547(General)V-23.2.0.0.2", "P-14130(Install/Upgrade)V-23.3.1", "P-2283(PSR Designer)V-7.4.0.7.0", "P-14547(Install/Upgrade)V-23.3.0.0.0", "P-2545(Third Party)V-12.2.1.4.0", "P-14118(Install/Upgrade)V-23.3.1", "P-8496V-8.1.0.24.0", "P-10198V-12.2.1.4.0", "P-9437V-15.0.0.0.0", "P-4461V-9.3.6", "P-14119(Signaling)V-23.3.1", "P-14123V-23.3.0", "P-14547(Third Party)V-23.3.0.0.0", "P-4623V-15.0.0.0.0", "P-11516V-21.0.0-23.0.0", "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0", "P-5085V-8.59", "P-14547(General)V-23.3.0.0.0", "P-12985V-15.0.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-2545(Third Party)V-14.1.1.0.0", "P-9633V-11.3.2", "P-11516V-20.0.1", "P-2283(PSR Designer)V-7.4.1.5.0", "P-2283(PSR Designer)V-7.4.2.8.0", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-14547(Third Party)V-23.2.0.0.2", "P-5085V-8.61", "P-5085V-8.60", "P-14547(Install/Upgrade)V-23.2.0.0.2" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Grid Infrastructure)V-19.3-19.21", "P-9456V-Prior to 23.3.0", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11528V-3.0.4" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-Prior to 23.3.0" ] }, { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-10770V-9.4.53", "P-11052V-9.4.53" ] }, { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-1870V-Prior to 22.1.1.19.0", "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6" ] } ] }, { "cve": "CVE-2023-44981", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35966052" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35966020" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Data Analytics Function", "text": "35966019" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: Automated Test Suite (Apache ZooKeeper)). Supported versions that are affected are 23.3.0 and 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Data Analytics Function accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Manager (Apache ZooKeeper)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.17 and 22.12.0-22.12.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Apache ZooKeeper)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Service Catalog and Design accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-14489V-23.4.0", "P-10354V-19.12.0-19.12.16", "P-14489V-23.3.0", "P-2283V-7.4.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14489V-23.4.0", "P-14489V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994863.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16" ], "url": "https://support.oracle.com/rs?type=doc&id=2993521.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14489V-23.4.0", "P-14489V-23.3.0", "P-2283V-7.4.2.8.0" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.11", "P-10354V-21.12.0-21.12.17", "P-10354V-19.12.0-19.12.16" ] } ] }, { "cve": "CVE-2023-45143", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "36043982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM for JDK:21.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:21.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:21.0.1" ] } ] }, { "cve": "CVE-2023-45145", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Fraud Monitor", "text": "36019635" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "36019633" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Fraud Monitor product of Oracle Communications (component: Infrastructure (Redis)). Supported versions that are affected are 5.0 and 5.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Fraud Monitor executes to compromise Oracle Communications Fraud Monitor. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Fraud Monitor accessible data as well as unauthorized read access to a subset of Oracle Communications Fraud Monitor accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Redis)). The supported version that is affected is 23.3.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Repository Function executes to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.3.1", "P-10763V-5.0", "P-10763V-5.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10763V-5.0", "P-10763V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996604.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14118V-23.3.1", "P-10763V-5.0", "P-10763V-5.1" ] } ] }, { "cve": "CVE-2023-45648", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36066696" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35954098" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "35954097" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35950960" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35954090" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35791400" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35902146" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35954092" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.19 and 6.0.0-6.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications Applications (component: PSR Designer (Apache Tomcat)). The supported version that is affected is 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Grid Infrastructure (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Managed File Transfer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI , UI (Apache Tomcat)). Supported versions that are affected are Prior to 23.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-Prior to 23.12", "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6", "P-10899V-8.6.0.0", "P-2283V-7.4.2.8.0", "P-11528V-3.0.4" ], "known_not_affected": [ "P-5(Grid Infrastructure)V-21.3-21.12", "P-5(Grid Infrastructure)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992416.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994879.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-11528V-3.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-Prior to 23.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2993345.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-Prior to 23.12", "P-10198V-12.2.1.4.0", "P-4461V-9.3.6" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.19", "P-14597V-6.0.0-6.0.3" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0", "P-2283V-7.4.2.8.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-11528V-3.0.4" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-45802", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35958438" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "36123753" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.0.0-5.5.19 and 6.0.0-6.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "known_not_affected": [ "P-1522V-Prior to 18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2997814.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-Prior to 18.1.0.2.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.0.0-6.0.3", "P-14597V-5.0.0-5.5.19" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-Prior to 18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-46589", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36110054" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "36066696" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "36110074" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "36110068" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "36110091" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35954092" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Tomcat)). Supported versions that are affected are 12.6.1.0.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). Supported versions that are affected are Prior to 22.4.6 and Prior to 23.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Graph Server and Client accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Platform Service, Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Grid Infrastructure (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.36 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). The supported version that is affected is 3.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Big Data Spatial and Graph. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Big Data Spatial and Graph accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2", "P-10900V-15.0.0.0.0", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-10900V-12.6.1.0.0", "P-8480V-8.0.36 and prior", "P-11528V-3.0.4" ], "known_not_affected": [ "P-5(Grid Infrastructure)V-21.3-21.12", "P-5(Grid Infrastructure)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0", "P-10900V-12.6.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994869.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-11528V-3.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993583.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-10900V-15.0.0.0.0", "P-14069V-Prior to 23.4.0", "P-14069V-Prior to 22.4.6", "P-10900V-12.6.1.0.0", "P-8480V-8.0.36 and prior", "P-11528V-3.0.4" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Grid Infrastructure)V-19.3-19.21", "P-5(Grid Infrastructure)V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-46604", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35987630" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "36023149" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "36023147" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "36023142" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "36023152" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "36023143" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Apache ActiveMQ)). Supported versions that are affected are 9.0.0.0.0-9.0.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache ActiveMQ)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache ActiveMQ)). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Security (Apache ActiveMQ)). Supported versions that are affected are 9.0.0.0.0-9.0.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache ActiveMQ)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10770V-9.0.0.0.0-9.0.2.0.1", "P-11052V-9.0.0.0.0-9.0.2.0.1", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-12605V-22.1.0", "P-13676V-22.1.0", "P-5680V-8.1.2", "P-12605V-22.2.0", "P-13676V-22.2.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0.0.0-9.0.2.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.1.0", "P-13676V-22.1.0", "P-12605V-22.2.0", "P-13676V-22.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2995877.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0.0.0-9.0.2.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2994862.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10770V-9.0.0.0.0-9.0.2.0.1", "P-11052V-9.0.0.0.0-9.0.2.0.1", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-12605V-22.1.0", "P-13676V-22.1.0", "P-5680V-8.1.2", "P-12605V-22.2.0", "P-13676V-22.2.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5680V-8.0.9", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-47248", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-22.3-23.8", "P-14634V-23.9.0-23.9.4", "P-14634V-23.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework (Apache PyArrow)", "text": "36074410" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Autonomous Health Framework (Apache PyArrow) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14634V-22.3-23.8", "P-14634V-23.10", "P-14634V-23.9.0-23.9.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-22.3-23.8", "P-14634V-23.9.0-23.9.4", "P-14634V-23.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-22.3-23.8", "P-14634V-23.9.0-23.9.4", "P-14634V-23.10" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-22.3-23.8", "P-14634V-23.9.0-23.9.4", "P-14634V-23.10" ] } ] }, { "cve": "CVE-2023-48795", "flags": [ { "date": "2024-01-16T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Global Lifecycle Management OPatch", "text": "36146336" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Global Lifecycle Management OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.40" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.40" ] } ], "threats": [ { "category": "impact", "date": "2024-01-16T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ] } ] }, { "cve": "CVE-2023-49093", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36095350" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (NekoHTML)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-4911", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35972238" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14123V-23.3.0" ] } ] }, { "cve": "CVE-2023-50164", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35551747" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "36110887" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36110886" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Struts)). Supported versions that are affected are 12.6.1.0.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Struts)). Supported versions that are affected are 8.0.36 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Struts)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.14.0.000", "P-10900V-12.6.1.0.0", "P-10900V-15.0.0.0.0", "P-8480V-8.0.36 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0", "P-10900V-12.6.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994869.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.14.0.000", "P-10900V-15.0.0.0.0", "P-10900V-12.6.1.0.0", "P-8480V-8.0.36 and prior" ] } ] }, { "cve": "CVE-2023-5072", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35913580" }, { "system_name": "Oracle Bug ID of Oracle Service Bus", "text": "35919146" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35919882" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35954707" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Calculation Manager", "text": "35954759" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "36060179" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35954703" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "36042591" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "35954744" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35954777" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Data Quality Management, Enterprise Edition", "text": "35954666" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergence", "text": "35954710" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35954721" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "35954787" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35954713" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35954685" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35954696" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35954676" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "36121809" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Planning", "text": "35954760" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "36119436" }, { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35961317" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Data Quality Management, Enterprise Edition product of Oracle Hyperion (component: Security (JSON-java)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Financial Data Quality Management, Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Financial Data Quality Management, Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (JSON-java)). Supported versions that are affected are 19.1.0, 21.1.0, 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Majel Mobile Service (JSON-java)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (JSON-java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (JSON-java)). The supported version that is affected is 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Configuration (JSON-java)). The supported version that is affected is 3.0.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (JSON-java)). The supported version that is affected is 12.6.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (JSON-java)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate (JSON-java)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.231017 and 21.3-21.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Calculation Manager product of Oracle Hyperion (component: Security (JSON-java)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Calculation Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Calculation Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Planning product of Oracle Hyperion (component: Security (JSON-java)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Planning. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Content. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web (JSON-java)). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.20, 21.12.0-21.12.17 and 22.12.0-22.12.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Tools (JSON-java)). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (JSON-java)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0 and 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Open Search, Elastic Search, Web Server (JSON-java)). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (JSON-java)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (JSON-java)). The supported version that is affected is 23.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (JSON-java)). Supported versions that are affected are 19.1.0, 21.1.0, 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: BPM Composer (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Service Bus. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-5325V-12.2.1.4.0", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4", "P-12605V-22.1.0", "P-12605V-22.2.0", "P-5579V-19.12.0-19.12.22", "P-13676V-22.1.0", "P-13676V-22.2.0", "P-13676V-19.1.0", "P-4402V-11.2.14.0.000", "P-14122V-23.3.1", "P-9437V-15.0.0.0.0", "P-5308V-12.2.1.4.0", "P-10900V-12.6.1.0.0", "P-8501V-3.0.3.3", "P-5579V-20.12.0-20.12.20", "P-14123V-23.3.0", "P-5685V-11.2.14.0.000", "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-12605V-21.1.0", "P-13676V-21.1.0", "P-14119V-23.3.1", "P-5085V-8.59", "P-5579V-22.12.0-22.12.10", "P-5579V-21.12.0-21.12.17", "P-10664V-11.2.14.0.000", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-4392V-11.2.14.0.000", "P-9633V-11.3.2", "P-12605V-19.1.0", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-4647V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2271V-12.2.1.4.0", "P-5085V-8.61", "P-5085V-8.60", "P-5757V-21.3-21.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000", "P-4402V-11.2.14.0.000", "P-10664V-11.2.14.0.000", "P-5685V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5308V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-2271V-12.2.1.4.0", "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.1.0", "P-12605V-21.1.0", "P-12605V-22.2.0", "P-13676V-22.1.0", "P-13676V-21.1.0", "P-13676V-22.2.0", "P-12605V-19.1.0", "P-13676V-19.1.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993583.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994878.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8501V-3.0.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2992469.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2994869.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5757V-21.3-21.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-19.12.0-19.12.22", "P-5579V-22.12.0-22.12.10", "P-5579V-20.12.0-20.12.20", "P-5579V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=2993521.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9437V-15.0.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992675.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.61", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2993343.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996603.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2996601.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-5325V-12.2.1.4.0", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4", "P-12605V-22.1.0", "P-12605V-22.2.0", "P-5579V-19.12.0-19.12.22", "P-13676V-22.1.0", "P-13676V-22.2.0", "P-13676V-19.1.0", "P-4402V-11.2.14.0.000", "P-14122V-23.3.1", "P-9437V-15.0.0.0.0", "P-5308V-12.2.1.4.0", "P-10900V-12.6.1.0.0", "P-8501V-3.0.3.3", "P-5579V-20.12.0-20.12.20", "P-14123V-23.3.0", "P-5685V-11.2.14.0.000", "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-12605V-21.1.0", "P-13676V-21.1.0", "P-14119V-23.3.1", "P-5085V-8.59", "P-5579V-22.12.0-22.12.10", "P-5579V-21.12.0-21.12.17", "P-10664V-11.2.14.0.000", "P-9437V-12.0.0.4.0-12.0.0.8.0", "P-4392V-11.2.14.0.000", "P-9633V-11.3.2", "P-12605V-19.1.0", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-4647V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2271V-12.2.1.4.0", "P-5085V-8.61", "P-5085V-8.60" ] }, { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5757V-19.1.0.0.0-19.1.0.0.231017", "P-5757V-21.3-21.12" ] } ] }, { "cve": "CVE-2023-5363", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36033678" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35702892" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "36033680" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "36033685" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "36033684" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "36033683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.36 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Workbench accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576(Connector/ODBC)V-8.2.0 and prior", "P-8478V-8.0.35 and prior", "P-8576(Connector/ODBC)V-8.0.35 and prior", "P-1042V-12.2.1.4.0", "P-8576(Connector/C++)V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-4627V-8.0.34 and prior", "P-8480V-8.0.36 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576(Connector/ODBC)V-8.2.0 and prior", "P-8478V-8.0.35 and prior", "P-8576(Connector/ODBC)V-8.0.35 and prior", "P-8576(Connector/C++)V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-4627V-8.0.34 and prior", "P-8480V-8.0.36 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-8.2.0 and prior", "P-8478V-8.0.35 and prior", "P-8576(Connector/ODBC)V-8.0.35 and prior", "P-8576(Connector/C++)V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-4627V-8.0.34 and prior", "P-8480V-8.0.36 and prior" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20903", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35949725" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-21.3-21.12", "P-5(Java VM)V-19.3-19.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.12", "P-5(Java VM)V-19.3-19.21" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.12", "P-5(Java VM)V-19.3-19.21" ] } ] }, { "acknowledgments": [ { "names": [ "AnhNH" ], "organization": "Sacombank" }, { "names": [ "ChauUHM" ], "organization": "Sacombank" }, { "names": [ "TungHT" ], "organization": "Sacombank" } ], "cve": "CVE-2024-20904", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33842066" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2024-20905", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "33870619" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.0" ] } ] }, { "acknowledgments": [ { "names": [ "Massimiliano Brolli" ], "organization": "TIM Security Red Team Research" }, { "names": [ "Massimo Stifano" ], "organization": "TIM Security Red Team Research" }, { "names": [ "Maurizio Gatti" ], "organization": "TIM Security Red Team Research" } ], "cve": "CVE-2024-20906", "ids": [ { "system_name": "Oracle Bug ID of Integrated Lights Out Manager (ILOM)", "text": "34166957" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9849V-3", "P-9849V-4", "P-9849V-5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9849V-3", "P-9849V-4", "P-9849V-5" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9849V-3", "P-9849V-4", "P-9849V-5" ] } ] }, { "cve": "CVE-2024-20907", "ids": [ { "system_name": "Oracle Bug ID of Oracle Web Applications Desktop Integrator", "text": "34916520" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1171V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1171V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1171V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Victor Rodriguez" ] } ], "cve": "CVE-2024-20908", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "35242584" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9617V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9617V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20909", "ids": [ { "system_name": "Oracle Bug ID of Oracle Audit Vault and Database Firewall", "text": "35339369" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9749V-20.1-20.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9749V-20.1-20.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9749V-20.1-20.9" ] } ] }, { "cve": "CVE-2024-20910", "ids": [ { "system_name": "Oracle Bug ID of Oracle Audit Vault and Database Firewall", "text": "35339389" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9749V-20.1-20.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9749V-20.1-20.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.0, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-9749V-20.1-20.9" ] } ] }, { "cve": "CVE-2024-20911", "ids": [ { "system_name": "Oracle Bug ID of Oracle Audit Vault and Database Firewall", "text": "35339409" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9749V-20.1-20.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9749V-20.1-20.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-9749V-20.1-20.9" ] } ] }, { "cve": "CVE-2024-20912", "ids": [ { "system_name": "Oracle Bug ID of Oracle Audit Vault and Database Firewall", "text": "35339412" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9749V-20.1-20.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9749V-20.1-20.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-9749V-20.1-20.9" ] } ] }, { "acknowledgments": [ { "names": [ "Mateusz Klement" ] } ], "cve": "CVE-2024-20913", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "32042292" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20914", "ids": [ { "system_name": "Oracle Bug ID of Oracle ZFS Storage Appliance Kit", "text": "35708597" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10026V-8.8" ] } ] }, { "acknowledgments": [ { "names": [ "Siril James" ] } ], "cve": "CVE-2024-20915", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Object Library", "text": "35411549" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-510V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-510V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-510V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Patryk Rejchert" ], "organization": "STM Cyber" } ], "cve": "CVE-2024-20916", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35491379" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "Patryk Rejchert" ], "organization": "STM Cyber" }, { "names": [ "Piotr Konopko" ], "organization": "STM Cyber" } ], "cve": "CVE-2024-20917", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "35495130" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2986271.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "Yi Yang" ] } ], "cve": "CVE-2024-20918", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35550177" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20919", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35580690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20920", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35585006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2024-20921", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35594351" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20922", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601624" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20923", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35601708" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20924", "ids": [ { "system_name": "Oracle Bug ID of Oracle Audit Vault and Database Firewall", "text": "35620335" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9749V-20.1-20.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9749V-20.1-20.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2986269.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9749V-20.1-20.9" ] } ] }, { "cve": "CVE-2024-20925", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35631489" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "acknowledgments": [ { "names": [ "Valentin Eudeline" ] } ], "cve": "CVE-2024-20926", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35678514" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "acknowledgments": [ { "names": [ "Professional Service Department" ], "organization": "Mitsui Bussan Secure Directions" } ], "cve": "CVE-2024-20927", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35692968" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Sritharun Gottipolu" ], "organization": "cigniti" } ], "cve": "CVE-2024-20928", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35693325" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2271V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2271V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2271V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20929", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Object Library", "text": "35714844" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-510V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-510V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-510V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20930", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "35746157" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.6" ] } ] }, { "acknowledgments": [ { "names": [ "Glassy" ], "organization": "EagleCloud" } ], "cve": "CVE-2024-20931", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35797042" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Sergey Bylokhov" ], "organization": "Amazon" }, { "names": [ "Yakov Shafranovich" ], "organization": "Amazon Web Services" } ], "cve": "CVE-2024-20932", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35797136" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20933", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "35811084" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20934", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "35811256" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20935", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "35811265" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20936", "ids": [ { "system_name": "Oracle Bug ID of Oracle One-to-One Fulfillment", "text": "35811785" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1379V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1379V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1379V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20937", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35825018" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20938", "ids": [ { "system_name": "Oracle Bug ID of Oracle iStore", "text": "35828400" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-384V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-384V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-384V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20939", "ids": [ { "system_name": "Oracle Bug ID of Oracle CRM Technical Foundation", "text": "35828405" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1199V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1199V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-1199V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20940", "ids": [ { "system_name": "Oracle Bug ID of Oracle Knowledge Management", "text": "35828408" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1351V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1351V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1351V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20941", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "35828517" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20942", "ids": [ { "system_name": "Oracle Bug ID of Oracle Complex Maintenance, Repair, and Overhaul", "text": "35828528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1184V-11.5", "P-1184V-12.1", "P-1184V-12.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1184V-11.5", "P-1184V-12.1", "P-1184V-12.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1184V-11.5", "P-1184V-12.1", "P-1184V-12.2" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20943", "ids": [ { "system_name": "Oracle Bug ID of Oracle Knowledge Management", "text": "35833521" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1351V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1351V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1351V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20944", "ids": [ { "system_name": "Oracle Bug ID of Oracle iSupport", "text": "35833523" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data as well as unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-381V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-381V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-381V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20945", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35837598" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "cve": "CVE-2024-20946", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35864102" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20947", "ids": [ { "system_name": "Oracle Bug ID of Oracle Common Applications", "text": "35871387" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1198V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1198V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1198V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20948", "ids": [ { "system_name": "Oracle Bug ID of Oracle Knowledge Management", "text": "35871391" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1351V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1351V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1351V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20949", "ids": [ { "system_name": "Oracle Bug ID of Oracle Customer Interaction History", "text": "35871393" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1374V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1374V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1374V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20950", "ids": [ { "system_name": "Oracle Bug ID of Oracle Customer Interaction History", "text": "35871394" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1374V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1374V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1374V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Andrej Å imko" ], "organization": "Accenture" } ], "cve": "CVE-2024-20951", "ids": [ { "system_name": "Oracle Bug ID of Oracle Customer Interaction History", "text": "35871395" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1374V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1374V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1374V-12.2.3-12.2.13" ] } ] }, { "acknowledgments": [ { "names": [ "Hubert Kario" ], "organization": "Red Hat" } ], "cve": "CVE-2024-20952", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35875553" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:17.0.9", "P-856V-Oracle Java SE:21.0.1", "P-856V-Oracle GraalVM Enterprise Edition:20.3.12", "P-856V-Oracle GraalVM Enterprise Edition:22.3.4", "P-856V-Oracle Java SE:11.0.21", "P-856V-Oracle Java SE:8u391", "P-856V-Oracle GraalVM for JDK:21.0.1", "P-856V-Oracle Java SE:8u391-perf", "P-856V-Oracle GraalVM for JDK:17.0.9", "P-856V-Oracle GraalVM Enterprise Edition:21.3.8" ] } ] }, { "acknowledgments": [ { "names": [ "nexteam working with Trend Micro Zero Day Initiative" ] } ], "cve": "CVE-2024-20953", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35885573" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4461V-9.3.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4461V-9.3.6" ] } ] }, { "cve": "CVE-2024-20955", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35898628" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2992318.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.9", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.12", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.8", "P-13497V-Oracle GraalVM for JDK:21.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.4" ] } ] }, { "acknowledgments": [ { "names": [ "Tuan Anh Nguyen" ], "organization": "Viettel Cyber Security" } ], "cve": "CVE-2024-20956", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Product Lifecycle Management for Process", "text": "35917289" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4445V-Prior to 6.2.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4445V-Prior to 6.2.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2993347.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-4445V-Prior to 6.2.4.2" ] } ] }, { "cve": "CVE-2024-20957", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35977317" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.8.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2993346.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.8.1" ] } ] }, { "cve": "CVE-2024-20958", "ids": [ { "system_name": "Oracle Bug ID of Oracle Installed Base", "text": "36043858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1118V-12.2.3-12.2.13" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1118V-12.2.3-12.2.13" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1118V-12.2.3-12.2.13" ] } ] }, { "cve": "CVE-2024-20959", "ids": [ { "system_name": "Oracle Bug ID of Oracle ZFS Storage Appliance Kit", "text": "35797648" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2992074.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10026V-8.8" ] } ] }, { "cve": "CVE-2024-20960", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35498378" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20961", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35621842" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Suyang Zhong" ] } ], "cve": "CVE-2024-20962", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35654240" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20963", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35764496" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20964", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "32764586" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20965", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846221" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "36127428" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.32 and prior, 7.6.28 and prior, 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8479V-7.5.32 and prior", "P-8479V-7.6.28 and prior", "P-8479V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-8479V-8.0.35 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8479V-7.5.32 and prior", "P-8479V-7.6.28 and prior", "P-8479V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-8479V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8479V-7.5.32 and prior", "P-8479V-7.6.28 and prior", "P-8479V-8.2.0 and prior", "P-8478V-8.2.0 and prior", "P-8479V-8.0.35 and prior" ] } ] }, { "cve": "CVE-2024-20966", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "33725447" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20967", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "33934013" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20968", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35398028" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2024-20969", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35449266" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20970", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35471471" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20971", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35627798" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20972", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710179" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20973", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710183" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20974", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710213" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20975", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710218" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20976", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710373" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20977", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710383" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2024-20978", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710404" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Shayan Mashoof Chinjani" ], "organization": "Kian Amn Sadra" } ], "cve": "CVE-2024-20979", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "35729771" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0", "P-1479V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Shayan Mashoof Chinjani" ], "organization": "Kian Amn Sadra" } ], "cve": "CVE-2024-20980", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "35729781" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2024-20981", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35735937" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2024-20982", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35738548" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20983", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35846140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2024-20984", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35853298" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20985", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35889261" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2992139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.35 and prior", "P-8478V-8.2.0 and prior" ] } ] }, { "cve": "CVE-2024-20986", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "36007364" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991923.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-20987", "ids": [ { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "36070110" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2991925.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] } ] }