{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2023csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - July 2023 - Oracle CSAF", "tracking": { "current_release_date": "2023-07-18T13:00:00-07:00", "id": "CPUJul2023csaf", "initial_release_date": "2023-07-18T13:00:00-07:00", "revision_history": [ { "date": "2023-07-18T13:00:00-07:00", "number": "1", "summary": "Initial Release" } ], "status": "draft", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "BI Publisher Version 6.4.0.0.0", "product": { "name": "BI Publisher Version 6.4.0.0.0", "product_id": "P-1479V-6.4.0.0.0" } }, { "category": "product_version", "name": "BI Publisher Version 7.0.0.0.0", "product": { "name": "BI Publisher Version 7.0.0.0.0", "product_id": "P-1479V-7.0.0.0.0" } } ], "category": "product_name", "name": "BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 12.2.1.4.0", "product_id": "P-2025(Presentation Services)V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Service Administration UI) Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Service Administration UI) Version 12.2.1.4.0", "product_id": "P-2025(Service Administration UI)V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product_id": "P-2025V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Analytics Server) Version 6.4.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Analytics Server) Version 6.4.0.0.0", "product_id": "P-2025(Analytics Server)V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 6.4.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 6.4.0.0.0", "product_id": "P-2025(Presentation Services)V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product_id": "P-2025V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Analytics Server) Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Analytics Server) Version 7.0.0.0.0", "product_id": "P-2025(Analytics Server)V-7.0.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition(Presentation Services) Version 7.0.0.0.0", "product_id": "P-2025(Presentation Services)V-7.0.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product_id": "P-2025V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Application Express Administration Version Application Express Administration: 18.2-22.2", "product": { "name": "Application Express Administration Version Application Express Administration: 18.2-22.2", "product_id": "P-1348V-Application Express Administration: 18.2-22.2" } } ], "category": "product_name", "name": "Application Express Administration" }, { "branches": [ { "category": "product_version_range", "name": "Application Express Customers Plugin Version Application Express Customers Plugin: 18.2-22.2", "product": { "name": "Application Express Customers Plugin Version Application Express Customers Plugin: 18.2-22.2", "product_id": "P-1348V-Application Express Customers Plugin: 18.2-22.2" } } ], "category": "product_name", "name": "Application Express Customers Plugin" }, { "branches": [ { "category": "product_version_range", "name": "Application Express Team Calendar Plugin Version Application Express Team Calendar Plugin: 18.2-22.1", "product": { "name": "Application Express Team Calendar Plugin Version Application Express Team Calendar Plugin: 18.2-22.1", "product_id": "P-1348V-Application Express Team Calendar Plugin: 18.2-22.1" } } ], "category": "product_name", "name": "Application Express Team Calendar Plugin" } ], "category": "product_family", "name": "Oracle Application Express" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Big Data Spatial and Graph Version 3.0", "product": { "name": "Oracle Big Data Spatial and Graph Version 3.0", "product_id": "P-11528V-3.0" } } ], "category": "product_name", "name": "Oracle Big Data Spatial and Graph" } ], "category": "product_family", "name": "Oracle Big Data Spatial and Graph" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.3.2", "product": { "name": "Oracle Commerce Guided Search Version 11.3.2", "product_id": "P-9633V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" }, { "branches": [ { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.0", "product": { "name": "Oracle Commerce Platform Version 11.3.0", "product_id": "P-9348V-11.3.0" } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.1", "product": { "name": "Oracle Commerce Platform Version 11.3.1", "product_id": "P-9348V-11.3.1" } }, { "category": "product_version", "name": "Oracle Commerce Platform Version 11.3.2", "product": { "name": "Oracle Commerce Platform Version 11.3.2", "product_id": "P-9348V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Platform" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 22.4.1", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 22.4.1", "product_id": "P-14488V-22.4.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.0", "product_id": "P-14488V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Automated Test Suite Version 23.1.1", "product_id": "P-14488V-23.1.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Automated Test Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 22.4.0", "product_id": "P-14121V-22.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0", "product_id": "P-14121V-23.1.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Binding Support Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 22.4.2", "product": { "name": "Oracle Communications Cloud Native Core Console Version 22.4.2", "product_id": "P-14250V-22.4.2" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.1.1", "product_id": "P-14250V-23.1.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 22.4.3", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 22.4.3", "product_id": "P-14122V-22.4.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.1.2", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.1.2", "product_id": "P-14122V-23.1.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Exposure Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.1.0", "product_id": "P-14125V-23.1.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 22.4.2", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 22.4.2", "product_id": "P-14118V-22.4.2" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 22.4.3", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 22.4.3", "product_id": "P-14118V-22.4.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.0", "product_id": "P-14118V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.1", "product_id": "P-14118V-23.1.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.2.0", "product_id": "P-14118V-23.2.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 22.4.0", "product_id": "P-14277V-22.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.1.0", "product_id": "P-14277V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0", "product_id": "P-14277V-23.2.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Policy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.3.2", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.3.2", "product_id": "P-14123V-22.3.2" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.0", "product_id": "P-14123V-22.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.3", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 22.4.3", "product_id": "P-14123V-22.4.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product_id": "P-14123V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.1", "product_id": "P-14123V-23.1.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.2", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.2", "product_id": "P-14123V-23.1.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 22.4.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 22.4.0", "product_id": "P-14117V-22.4.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 23.1.0", "product_id": "P-14117V-23.1.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Service Communication Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.1", "product_id": "P-14119V-23.1.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Converged Application Server - Service Controller Version 6.2.0", "product": { "name": "Oracle Communications Converged Application Server - Service Controller Version 6.2.0", "product_id": "P-10593V-6.2.0" } } ], "category": "product_name", "name": "Oracle Communications Converged Application Server - Service Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product_id": "P-10899V-8.6.0.0" } } ], "category": "product_name", "name": "Oracle Communications Diameter Signaling Router" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 23.1.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 23.1.0", "product_id": "P-14547V-23.1.0" } } ], "category": "product_name", "name": "Oracle Communications Network Analytics Data Director" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.0", "product": { "name": "Oracle Communications Operations Monitor Version 5.0", "product_id": "P-10761V-5.0" } }, { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.1", "product": { "name": "Oracle Communications Operations Monitor Version 5.1", "product_id": "P-10761V-5.1" } } ], "category": "product_name", "name": "Oracle Communications Operations Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Operations Monitor Version 5.0", "product": { "name": "Oracle Enterprise Operations Monitor Version 5.0", "product_id": "P-10762V-5.0" } }, { "category": "product_version", "name": "Oracle Enterprise Operations Monitor Version 5.1", "product": { "name": "Oracle Enterprise Operations Monitor Version 5.1", "product_id": "P-10762V-5.1" } } ], "category": "product_name", "name": "Oracle Enterprise Operations Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle SD-WAN Edge Version 9.1.1.5.0", "product": { "name": "Oracle SD-WAN Edge Version 9.1.1.5.0", "product_id": "P-13940V-9.1.1.5.0" } } ], "category": "product_name", "name": "Oracle SD-WAN Edge" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4.0-12.0.0.6.0", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4.0-12.0.0.6.0", "product_id": "P-9742V-12.0.0.4.0-12.0.0.6.0" } }, { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-9742V-12.0.0.4.0-12.0.0.8.0" } } ], "category": "product_name", "name": "Oracle Communications BRM - Elastic Charging Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.7.0", "product": { "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.7.0", "product_id": "P-2136V-12.0.0.4.0-12.0.0.7.0" } }, { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.8.0", "product": { "name": "Oracle Communications Billing and Revenue Management Version 12.0.0.4.0-12.0.0.8.0", "product_id": "P-2136V-12.0.0.4.0-12.0.0.8.0" } } ], "category": "product_name", "name": "Oracle Communications Billing and Revenue Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Calendar Server Version 8.0.0.2.0-8.0.0.7.0", "product": { "name": "Oracle Communications Calendar Server Version 8.0.0.2.0-8.0.0.7.0", "product_id": "P-8494V-8.0.0.2.0-8.0.0.7.0" } } ], "category": "product_name", "name": "Oracle Communications Calendar Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Contacts Server Version 8.0.0.6.0-8.0.0.8.0", "product": { "name": "Oracle Communications Contacts Server Version 8.0.0.6.0-8.0.0.8.0", "product_id": "P-10696V-8.0.0.6.0-8.0.0.8.0" } } ], "category": "product_name", "name": "Oracle Communications Contacts Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Convergence Version 3.0.3.2", "product": { "name": "Oracle Communications Convergence Version 3.0.3.2", "product_id": "P-8501V-3.0.3.2" } } ], "category": "product_name", "name": "Oracle Communications Convergence" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Convergent Charging Controller Version 12.0.3.0.0-12.0.6.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 12.0.3.0.0-12.0.6.0.0", "product_id": "P-12985V-12.0.3.0.0-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0.0", "product_id": "P-12985V-12.0.6.0.0" } } ], "category": "product_name", "name": "Oracle Communications Convergent Charging Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Design Studio Version 7.4.0.7.0", "product": { "name": "Oracle Communications Design Studio Version 7.4.0.7.0", "product_id": "P-2283V-7.4.0.7.0" } }, { "category": "product_version", "name": "Oracle Communications Design Studio Version 7.4.1.5.0", "product": { "name": "Oracle Communications Design Studio Version 7.4.1.5.0", "product_id": "P-2283V-7.4.1.5.0" } }, { "category": "product_version", "name": "Oracle Communications Design Studio Version 7.4.2.8.0", "product": { "name": "Oracle Communications Design Studio Version 7.4.2.8.0", "product_id": "P-2283V-7.4.2.8.0" } } ], "category": "product_name", "name": "Oracle Communications Design Studio" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Instant Messaging Server Version 10.0.1.7.0", "product": { "name": "Oracle Communications Instant Messaging Server Version 10.0.1.7.0", "product_id": "P-8495V-10.0.1.7.0" } } ], "category": "product_name", "name": "Oracle Communications Instant Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Messaging Server Version 8.1.0.21.0", "product": { "name": "Oracle Communications Messaging Server Version 8.1.0.21.0", "product_id": "P-8496V-8.1.0.21.0" } } ], "category": "product_name", "name": "Oracle Communications Messaging Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Network Charging and Control Version 12.0.3.0.0-12.0.6.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.3.0.0-12.0.6.0.0", "product_id": "P-4623V-12.0.3.0.0-12.0.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.6.0.0", "product_id": "P-4623V-12.0.6.0.0" } } ], "category": "product_name", "name": "Oracle Communications Network Charging and Control" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.3.6.4", "product": { "name": "Oracle Communications Network Integrity Version 7.3.6.4", "product_id": "P-4491V-7.3.6.4" } } ], "category": "product_name", "name": "Oracle Communications Network Integrity" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.3.5", "product": { "name": "Oracle Communications Order and Service Management Version 7.3.5", "product_id": "P-2270V-7.3.5" } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.0", "product_id": "P-2270V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.1", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.1", "product_id": "P-2270V-7.4.1" } } ], "category": "product_name", "name": "Oracle Communications Order and Service Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.7.0", "product": { "name": "Oracle Communications Pricing Design Center Version 12.0.0.4.0-12.0.0.7.0", "product_id": "P-9437V-12.0.0.4.0-12.0.0.7.0" } } ], "category": "product_name", "name": "Oracle Communications Pricing Design Center" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.16", "product": { "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.16", "product_id": "P-14597V-5.5.0-5.5.16" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.17", "product": { "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.17", "product_id": "P-14597V-5.5.0-5.5.17" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.2", "product": { "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.2", "product_id": "P-14597V-6.0.0-6.0.2" } } ], "category": "product_name", "name": "Oracle Communications Unified Assurance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.0-7.4.2", "product_id": "P-4516V-7.4.0-7.4.2" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.1", "product_id": "P-4516V-7.4.1" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.4.2", "product_id": "P-4516V-7.4.2" } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product_id": "P-4516V-7.5.0" } } ], "category": "product_name", "name": "Oracle Communications Unified Inventory Management" } ], "category": "product_family", "name": "Oracle Communications Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera Gateway Version 18.8.0-18.8.15", "product": { "name": "Primavera Gateway Version 18.8.0-18.8.15", "product_id": "P-10605V-18.8.0-18.8.15" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 19.12.0-19.12.16", "product": { "name": "Primavera Gateway Version 19.12.0-19.12.16", "product_id": "P-10605V-19.12.0-19.12.16" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 20.12.0-20.12.11", "product": { "name": "Primavera Gateway Version 20.12.0-20.12.11", "product_id": "P-10605V-20.12.0-20.12.11" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 21.12.0-21.12.9", "product": { "name": "Primavera Gateway Version 21.12.0-21.12.9", "product_id": "P-10605V-21.12.0-21.12.9" } } ], "category": "product_name", "name": "Primavera Gateway" }, { "branches": [ { "category": "product_version", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.2", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.2", "product_id": "P-5579V-22.12.2" } }, { "category": "product_version", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.3", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.3", "product_id": "P-5579V-22.12.3" } } ], "category": "product_name", "name": "Primavera P6 Enterprise Project Portfolio Management" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 18.8.0-18.8.18", "product": { "name": "Primavera Unifier Version 18.8.0-18.8.18", "product_id": "P-10354V-18.8.0-18.8.18" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 19.12.0-19.12.16", "product": { "name": "Primavera Unifier Version 19.12.0-19.12.16", "product_id": "P-10354V-19.12.0-19.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 20.12.0-20.12.16", "product": { "name": "Primavera Unifier Version 20.12.0-20.12.16", "product_id": "P-10354V-20.12.0-20.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.15", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.15", "product_id": "P-10354V-21.12.0-21.12.15" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.6", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.6", "product_id": "P-10354V-22.12.0-22.12.6" } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Advanced Networking Option Version 19.3-19.19", "product": { "name": "Advanced Networking Option Version 19.3-19.19", "product_id": "P-219V-19.3-19.19" } }, { "category": "product_version_range", "name": "Advanced Networking Option Version 21.3-21.10", "product": { "name": "Advanced Networking Option Version 21.3-21.10", "product_id": "P-219V-21.3-21.10" } } ], "category": "product_name", "name": "Advanced Networking Option" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Database Server(Core) Version 19.3-19.19", "product": { "name": "Oracle Database Server(Core) Version 19.3-19.19", "product_id": "P-5(Core)V-19.3-19.19" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.19", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.19", "product_id": "P-5(Java VM)V-19.3-19.19" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database) Version 19.3-19.19", "product": { "name": "Oracle Database Server(Oracle Database) Version 19.3-19.19", "product_id": "P-5(Oracle Database)V-19.3-19.19" } }, { "category": "product_version_range", "name": "Oracle Database Server(Unified Audit) Version 19.3-19.19", "product": { "name": "Oracle Database Server(Unified Audit) Version 19.3-19.19", "product_id": "P-5(Unified Audit)V-19.3-19.19" } }, { "category": "product_version_range", "name": "Oracle Database Server(Core) Version 21.3-21.10", "product": { "name": "Oracle Database Server(Core) Version 21.3-21.10", "product_id": "P-5(Core)V-21.3-21.10" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.10", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.10", "product_id": "P-5(Java VM)V-21.3-21.10" } }, { "category": "product_version_range", "name": "Oracle Database Server(OML4Py) Version 21.3-21.10", "product": { "name": "Oracle Database Server(OML4Py) Version 21.3-21.10", "product_id": "P-5(OML4Py)V-21.3-21.10" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.10", "product": { "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.10", "product_id": "P-5(Oracle Database Workload Manager)V-21.3-21.10" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database) Version 21.3-21.10", "product": { "name": "Oracle Database Server(Oracle Database) Version 21.3-21.10", "product_id": "P-5(Oracle Database)V-21.3-21.10" } }, { "category": "product_version_range", "name": "Oracle Database Server(Unified Audit) Version 21.3-21.10", "product": { "name": "Oracle Database Server(Unified Audit) Version 21.3-21.10", "product_id": "P-5(Unified Audit)V-21.3-21.10" } } ], "category": "product_name", "name": "Oracle Database Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Text Version 19.3-19.19", "product": { "name": "Oracle Text Version 19.3-19.19", "product_id": "P-211V-19.3-19.19" } }, { "category": "product_version_range", "name": "Oracle Text Version 21.3-21.10", "product": { "name": "Oracle Text Version 21.3-21.10", "product_id": "P-211V-21.3-21.10" } } ], "category": "product_name", "name": "Oracle Text" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Framework Version 12.2.3-12.3.12", "product": { "name": "Oracle Applications Framework Version 12.2.3-12.3.12", "product_id": "P-1472V-12.2.3-12.3.12" } } ], "category": "product_name", "name": "Oracle Applications Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Technology Version 12.2.3-12.2.12", "product": { "name": "Oracle Applications Technology Version 12.2.3-12.2.12", "product_id": "P-1745V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle Applications Technology" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Scripting Version 12.2.3-12.2.12", "product": { "name": "Oracle Scripting Version 12.2.3-12.2.12", "product_id": "P-433V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle Scripting" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Self-Service Human Resources Version 12.2.3-12.2.12", "product": { "name": "Oracle Self-Service Human Resources Version 12.2.3-12.2.12", "product_id": "P-1566V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle Self-Service Human Resources" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.12", "product": { "name": "Oracle Web Applications Desktop Integrator Version 12.2.3-12.2.12", "product_id": "P-1171V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle Web Applications Desktop Integrator" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1" } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product": { "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product_id": "P-9835V-12.4.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Ops Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Exadata Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Exadata Version 13.5.0.0", "product_id": "P-9584V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Exadata" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Fusion Middleware Version 13.5.0.0", "product_id": "P-1369V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Fusion Middleware" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Oracle Database Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager for Oracle Database Version 13.5.0.0", "product_id": "P-1366V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Oracle Database" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.4.3.0.0", "product": { "name": "Oracle Essbase Version 21.4.3.0.0", "product_id": "P-4379V-21.4.3.0.0" } } ], "category": "product_name", "name": "Oracle Essbase" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Essbase Administration Services(EAS Administration and EAS Console) Version 21.4.3.0.0", "product": { "name": "Oracle Hyperion Essbase Administration Services(EAS Administration and EAS Console) Version 21.4.3.0.0", "product_id": "P-4380(EAS Administration and EAS Console)V-21.4.3.0.0" } } ], "category": "product_name", "name": "Oracle Hyperion Essbase Administration Services" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Banking APIs Version 18.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 18.2.0.0.0", "product_id": "P-13676V-18.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 18.3.0.0.0", "product": { "name": "Oracle Banking APIs Version 18.3.0.0.0", "product_id": "P-13676V-18.3.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 19.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 19.1.0.0.0", "product_id": "P-13676V-19.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 19.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 19.2.0.0.0", "product_id": "P-13676V-19.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 21.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 21.1.0.0.0", "product_id": "P-13676V-21.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.1.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.1.0.0.0", "product_id": "P-13676V-22.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.2.0.0.0", "product": { "name": "Oracle Banking APIs Version 22.2.0.0.0", "product_id": "P-13676V-22.2.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Branch Version 14.5-14.7", "product": { "name": "Oracle Banking Branch Version 14.5-14.7", "product_id": "P-14324V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Branch" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.7.0.2.0", "product": { "name": "Oracle Banking Cash Management Version 14.7.0.2.0", "product_id": "P-14195V-14.7.0.2.0" } }, { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.7.1.0.0", "product": { "name": "Oracle Banking Cash Management Version 14.7.1.0.0", "product_id": "P-14195V-14.7.1.0.0" } } ], "category": "product_name", "name": "Oracle Banking Cash Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Version 14.0-14.3", "product": { "name": "Oracle Banking Corporate Lending Version 14.0-14.3", "product_id": "P-12989V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Version 14.5-14.7", "product": { "name": "Oracle Banking Corporate Lending Version 14.5-14.7", "product_id": "P-12989V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Process Management Version 14.4-14.7", "product": { "name": "Oracle Banking Corporate Lending Process Management Version 14.4-14.7", "product_id": "P-13701V-14.4-14.7" } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Credit Facilities Process Management Version 14.7.1.0.0", "product": { "name": "Oracle Banking Credit Facilities Process Management Version 14.7.1.0.0", "product_id": "P-13703V-14.7.1.0.0" } } ], "category": "product_name", "name": "Oracle Banking Credit Facilities Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Digital Experience Version 18.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 18.2.0.0.0", "product_id": "P-12605V-18.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 18.3.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 18.3.0.0.0", "product_id": "P-12605V-18.3.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 19.1.0.0.0", "product_id": "P-12605V-19.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 19.2.0.0.0", "product_id": "P-12605V-19.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 21.1.0.0.0", "product_id": "P-12605V-21.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.1.0.0.0", "product_id": "P-12605V-22.1.0.0.0" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product": { "name": "Oracle Banking Digital Experience Version 22.2.0.0.0", "product_id": "P-12605V-22.2.0.0.0" } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.5.0.8.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.5.0.8.0", "product_id": "P-13304V-14.5.0.8.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.6.0.3.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.6.0.3.0", "product_id": "P-13304V-14.6.0.3.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.6.0.4.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.6.0.4.0", "product_id": "P-13304V-14.6.0.4.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.0.1.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.0.1.0", "product_id": "P-13304V-14.7.0.1.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.0.2.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.0.2.0", "product_id": "P-13304V-14.7.0.2.0" } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.7.1.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.7.1.0.0", "product_id": "P-13304V-14.7.1.0.0" } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.5-14.7", "product": { "name": "Oracle Banking Origination Version 14.5-14.7", "product_id": "P-14325V-14.5-14.7" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.6", "product": { "name": "Oracle Banking Origination Version 14.6", "product_id": "P-14325V-14.6" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.7", "product": { "name": "Oracle Banking Origination Version 14.7", "product_id": "P-14325V-14.7" } }, { "category": "product_version", "name": "Oracle Banking Origination Version 14.7.0", "product": { "name": "Oracle Banking Origination Version 14.7.0", "product_id": "P-14325V-14.7.0" } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Payments Version 14.5-14.7", "product": { "name": "Oracle Banking Payments Version 14.5-14.7", "product_id": "P-13011V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Payments" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Supply Chain Finance Version 14.7.0.2.0", "product": { "name": "Oracle Banking Supply Chain Finance Version 14.7.0.2.0", "product_id": "P-13872V-14.7.0.2.0" } }, { "category": "product_version", "name": "Oracle Banking Supply Chain Finance Version 14.7.1.0.0", "product": { "name": "Oracle Banking Supply Chain Finance Version 14.7.1.0.0", "product_id": "P-13872V-14.7.1.0.0" } } ], "category": "product_name", "name": "Oracle Banking Supply Chain Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Version 14.0-14.3", "product": { "name": "Oracle Banking Trade Finance Version 14.0-14.3", "product_id": "P-14134V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle Banking Trade Finance Version 14.5-14.7", "product": { "name": "Oracle Banking Trade Finance Version 14.5-14.7", "product_id": "P-14134V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Trade Finance" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Trade Finance Process Management Version 14.5.0.8.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.5.0.8.0", "product_id": "P-13718V-14.5.0.8.0" } }, { "category": "product_version", "name": "Oracle Banking Trade Finance Process Management Version 14.6.0.4.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.6.0.4.0", "product_id": "P-13718V-14.6.0.4.0" } }, { "category": "product_version", "name": "Oracle Banking Trade Finance Process Management Version 14.7.0.2.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.7.0.2.0", "product_id": "P-13718V-14.7.0.2.0" } }, { "category": "product_version", "name": "Oracle Banking Trade Finance Process Management Version 14.7.1.0.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.7.1.0.0", "product_id": "P-13718V-14.7.1.0.0" } } ], "category": "product_name", "name": "Oracle Banking Trade Finance Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Treasury Management Version 14.5-14.7", "product": { "name": "Oracle Banking Treasury Management Version 14.5-14.7", "product_id": "P-14133V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Treasury Management" }, { "branches": [ { "category": "product_version", "name": "Oracle FLEXCUBE Investor Servicing Version 14.7.0.0.0", "product": { "name": "Oracle FLEXCUBE Investor Servicing Version 14.7.0.0.0", "product_id": "P-9099V-14.7.0.0.0" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Investor Servicing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle FLEXCUBE Universal Banking Version 14.0-14.7", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 14.0-14.7", "product_id": "P-9052V-14.0-14.7" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Universal Banking Version 14.5-14.7", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 14.5-14.7", "product_id": "P-9052V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Universal Banking" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7", "product_id": "P-5680V-8.0.7" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8", "product_id": "P-5680V-8.0.8" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.0", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.0", "product_id": "P-5680V-8.1.0" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.1", "product_id": "P-5680V-8.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2", "product_id": "P-5680V-8.1.2" } } ], "category": "product_name", "name": "Oracle Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product_id": "P-9190V-8.0.8.1" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.1.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.1.1", "product_id": "P-9190V-8.1.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.4", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.4", "product_id": "P-9190V-8.1.2.4" } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.5", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.5", "product_id": "P-9190V-8.1.2.5" } } ], "category": "product_name", "name": "Oracle Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Compliance Studio Version 8.1.2.4", "product": { "name": "Oracle Financial Services Compliance Studio Version 8.1.2.4", "product_id": "P-14392V-8.1.2.4" } } ], "category": "product_name", "name": "Oracle Financial Services Compliance Studio" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product_id": "P-13545V-8.0.8.2" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.1.1", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.1.1", "product_id": "P-13545V-8.1.1.1" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.4", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.4", "product_id": "P-13545V-8.1.2.4" } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.5", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.5", "product_id": "P-13545V-8.1.2.5" } } ], "category": "product_name", "name": "Oracle Financial Services Enterprise Case Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product": { "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product_id": "P-13789V-8.0.8" } } ], "category": "product_name", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hospitality Simphony Version 19.5", "product": { "name": "Oracle Hospitality Simphony Version 19.5", "product_id": "P-11594V-19.5" } } ], "category": "product_name", "name": "Oracle Hospitality Simphony" } ], "category": "product_family", "name": "Oracle Food and Beverage Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 12.2.1.4.0", "product": { "name": "Oracle Access Manager Version 12.2.1.4.0", "product_id": "P-5565V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle BAM (Business Activity Monitoring) Version 12.2.1.4.0", "product": { "name": "Oracle BAM (Business Activity Monitoring) Version 12.2.1.4.0", "product_id": "P-1675V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle BAM (Business Activity Monitoring)" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product": { "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product_id": "P-5325V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Business Process Management Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Coherence Version 12.2.1.4.0", "product": { "name": "Oracle Coherence Version 12.2.1.4.0", "product_id": "P-2545V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.1.0.0", "product": { "name": "Oracle Coherence Version 14.1.1.0.0", "product_id": "P-2545V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version", "name": "Oracle Data Integrator Version 12.2.1.4.0", "product": { "name": "Oracle Data Integrator Version 12.2.1.4.0", "product_id": "P-2196V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product": { "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product_id": "P-9464V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Enterprise Data Quality" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product_id": "P-1215V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Fusion Middleware MapViewer" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server Version 12.2.1.4.0", "product_id": "P-1042V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Version 12.2.1.4.0", "product_id": "P-1980V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Identity Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Connector Version 12.2.1.3.0", "product": { "name": "Oracle Identity Manager Connector Version 12.2.1.3.0", "product_id": "P-1999V-12.2.1.3.0" } }, { "category": "product_version", "name": "Oracle Identity Manager Connector Version 9.1.0", "product": { "name": "Oracle Identity Manager Connector Version 9.1.0", "product_id": "P-1999V-9.1.0" } } ], "category": "product_name", "name": "Oracle Identity Manager Connector" }, { "branches": [ { "category": "product_version", "name": "Oracle JDeveloper Version 12.2.1.4.0", "product": { "name": "Oracle JDeveloper Version 12.2.1.4.0", "product_id": "P-807V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle JDeveloper" }, { "branches": [ { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product_id": "P-4647V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Middleware Common Libraries and Tools" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Mobile Security Suite Version Prior to 11.1.2.3.1", "product": { "name": "Oracle Mobile Security Suite Version Prior to 11.1.2.3.1", "product_id": "P-10913V-Prior to 11.1.2.3.1" } } ], "category": "product_name", "name": "Oracle Mobile Security Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Service Bus Version 12.2.1.4.0", "product": { "name": "Oracle Service Bus Version 12.2.1.4.0", "product_id": "P-5308V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Service Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product_id": "P-2271V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Content" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product_id": "P-9617V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Sites" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle WebLogic Server" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Version 19.1.0.0.0-19.1.0.0.230422", "product": { "name": "Oracle GoldenGate Version 19.1.0.0.0-19.1.0.0.230422", "product_id": "P-5757V-19.1.0.0.0-19.1.0.0.230422" } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 21.3.0.0.0-21.10.0.0.5", "product": { "name": "Oracle GoldenGate Version 21.3.0.0.0-21.10.0.0.5", "product_id": "P-5757V-21.3.0.0.0-21.10.0.0.5" } } ], "category": "product_name", "name": "Oracle GoldenGate" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.7", "product": { "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.7", "product_id": "P-14015V-19.1.0.0.0-19.1.0.0.7" } } ], "category": "product_name", "name": "Oracle GoldenGate Stream Analytics" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Graph Server and Client Version 21.4.6", "product": { "name": "Oracle Graph Server and Client Version 21.4.6", "product_id": "P-14069V-21.4.6" } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 21.4.7", "product": { "name": "Oracle Graph Server and Client Version 21.4.7", "product_id": "P-14069V-21.4.7" } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 22.4.1", "product": { "name": "Oracle Graph Server and Client Version 22.4.1", "product_id": "P-14069V-22.4.1" } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 22.4.2", "product": { "name": "Oracle Graph Server and Client Version 22.4.2", "product_id": "P-14069V-22.4.2" } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 23.1.0", "product": { "name": "Oracle Graph Server and Client Version 23.1.0", "product_id": "P-14069V-23.1.0" } } ], "category": "product_name", "name": "Oracle Graph Server and Client" } ], "category": "product_family", "name": "Oracle Graph Server and Client" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.1.0.2", "product": { "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.1.0.2", "product_id": "P-9581V-3.1.0.2" } }, { "category": "product_version", "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.1.1.3", "product": { "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.1.1.3", "product_id": "P-9581V-3.1.1.3" } }, { "category": "product_version", "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.2.0.0", "product": { "name": "Oracle Health Sciences Sciences Data Management Workbench Version 3.2.0.0", "product_id": "P-9581V-3.2.0.0" } } ], "category": "product_name", "name": "Oracle Health Sciences Sciences Data Management Workbench" } ], "category": "product_family", "name": "Oracle Health Sciences Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.1.0", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.1.0", "product_id": "P-11607V-20.1.0" } }, { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.2.0", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.2.0", "product_id": "P-11607V-20.2.0" } }, { "category": "product_version", "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.3", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management System Version 20.3.3", "product_id": "P-11607V-20.3.3" } } ], "category": "product_name", "name": "Oracle Hospitality Cruise Shipboard Property Management System" } ], "category": "product_family", "name": "Oracle Hospitality Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Data Relationship Management Version 11.2.13.0.000", "product": { "name": "Oracle Hyperion Data Relationship Management Version 11.2.13.0.000", "product_id": "P-4375V-11.2.13.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Data Relationship Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Financial Reporting Version 11.2.13.0.000", "product": { "name": "Oracle Hyperion Financial Reporting Version 11.2.13.0.000", "product_id": "P-8776V-11.2.13.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Financial Reporting" }, { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Workspace Version 11.2.13.0.000", "product": { "name": "Oracle Hyperion Workspace Version 11.2.13.0.000", "product_id": "P-4361V-11.2.13.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Workspace" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Documaker Version 12.6.1-12.7.1", "product": { "name": "Oracle Documaker Version 12.6.1-12.7.1", "product_id": "P-5477V-12.6.1-12.7.1" } } ], "category": "product_name", "name": "Oracle Documaker" } ], "category": "product_family", "name": "Oracle Insurance Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.7.4", "product": { "name": "JD Edwards EnterpriseOne Orchestrator Version Prior to 9.2.7.4", "product_id": "P-11681V-Prior to 9.2.7.4" } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Orchestrator" }, { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.3", "product": { "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.3", "product_id": "P-4781V-Prior to 9.2.7.3" } }, { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.4", "product": { "name": "JD Edwards EnterpriseOne Tools Version Prior to 9.2.7.4", "product_id": "P-4781V-Prior to 9.2.7.4" } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Tools" } ], "category": "product_family", "name": "Oracle JD Edwards" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.6", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.6", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:21.3.6" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.2", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.2", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.7", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.7", "product_id": "P-13497V-Oracle GraalVM for JDK:17.0.7" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:20.0.1", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:20.0.1", "product_id": "P-13497V-Oracle GraalVM for JDK:20.0.1" } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.10", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.10", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.6", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.6", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:21.3.6" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.2", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.2", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:22.3.2" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.7", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.7", "product_id": "P-856V-Oracle GraalVM for JDK:17.0.7" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:20.0.1", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:20.0.1", "product_id": "P-856V-Oracle GraalVM for JDK:20.0.1" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:11.0.19", "product": { "name": "Oracle Java SE Version Oracle Java SE:11.0.19", "product_id": "P-856V-Oracle Java SE:11.0.19" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:17.0.7", "product": { "name": "Oracle Java SE Version Oracle Java SE:17.0.7", "product_id": "P-856V-Oracle Java SE:17.0.7" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:20.0.1", "product": { "name": "Oracle Java SE Version Oracle Java SE:20.0.1", "product_id": "P-856V-Oracle Java SE:20.0.1" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:8u371", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u371", "product_id": "P-856V-Oracle Java SE:8u371" } }, { "category": "product_version_range", "name": "Oracle Java SE Version Oracle Java SE:8u371-perf", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u371-perf", "product_id": "P-856V-Oracle Java SE:8u371-perf" } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.33 and prior", "product": { "name": "MySQL Cluster Version 8.0.33 and prior", "product_id": "P-8479V-8.0.33 and prior" } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors Version 8.0.33 and prior", "product": { "name": "MySQL Connectors Version 8.0.33 and prior", "product_id": "P-8576V-8.0.33 and prior" } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Monitor Version 8.0.34 and prior", "product": { "name": "MySQL Enterprise Monitor Version 8.0.34 and prior", "product_id": "P-8480V-8.0.34 and prior" } } ], "category": "product_name", "name": "MySQL Enterprise Monitor" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server Version 5.7.41 and prior", "product": { "name": "MySQL Server Version 5.7.41 and prior", "product_id": "P-8478V-5.7.41 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 5.7.42 and prior", "product": { "name": "MySQL Server Version 5.7.42 and prior", "product_id": "P-8478V-5.7.42 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.27 and prior", "product": { "name": "MySQL Server Version 8.0.27 and prior", "product_id": "P-8478V-8.0.27 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.32 and prior", "product": { "name": "MySQL Server Version 8.0.32 and prior", "product_id": "P-8478V-8.0.32 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.33 and prior", "product": { "name": "MySQL Server Version 8.0.33 and prior", "product_id": "P-8478V-8.0.33 and prior" } } ], "category": "product_name", "name": "MySQL Server" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Workbench Version 8.0.33 and prior", "product": { "name": "MySQL Workbench Version 8.0.33 and prior", "product_id": "P-4627V-8.0.33 and prior" } } ], "category": "product_name", "name": "MySQL Workbench" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle NoSQL Database Version 19.5.33", "product": { "name": "Oracle NoSQL Database Version 19.5.33", "product_id": "P-13373V-19.5.33" } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 20.3.28", "product": { "name": "Oracle NoSQL Database Version 20.3.28", "product_id": "P-13373V-20.3.28" } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 21.2.55", "product": { "name": "Oracle NoSQL Database Version 21.2.55", "product_id": "P-13373V-21.2.55" } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 22.3.26", "product": { "name": "Oracle NoSQL Database Version 22.3.26", "product_id": "P-13373V-22.3.26" } } ], "category": "product_name", "name": "Oracle NoSQL Database" } ], "category": "product_family", "name": "Oracle NoSQL Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product_id": "P-5085V-8.59" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product_id": "P-5085V-8.60" } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Policy Automation Version Prior to 12.2.30", "product": { "name": "Oracle Policy Automation Version Prior to 12.2.30", "product_id": "P-5624V-Prior to 12.2.30" } }, { "category": "product_version_range", "name": "Oracle Policy Automation Version Prior to 12.2.31", "product": { "name": "Oracle Policy Automation Version Prior to 12.2.31", "product_id": "P-5624V-Prior to 12.2.31" } } ], "category": "product_name", "name": "Oracle Policy Automation" } ], "category": "product_family", "name": "Oracle Policy Automation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Advanced Inventory Planning Version 15.0", "product": { "name": "Oracle Retail Advanced Inventory Planning Version 15.0", "product_id": "P-1785V-15.0" } }, { "category": "product_version", "name": "Oracle Retail Advanced Inventory Planning Version 16.0", "product": { "name": "Oracle Retail Advanced Inventory Planning Version 16.0", "product_id": "P-1785V-16.0" } } ], "category": "product_name", "name": "Oracle Retail Advanced Inventory Planning" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product": { "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product_id": "P-12968V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product": { "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product_id": "P-12968V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Bulk Data Integration" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Financial Integration Version 14.2.0", "product": { "name": "Oracle Retail Financial Integration Version 14.2.0", "product_id": "P-10722V-14.2.0" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 15.0.4", "product": { "name": "Oracle Retail Financial Integration Version 15.0.4", "product_id": "P-10722V-15.0.4" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 16.0.3", "product": { "name": "Oracle Retail Financial Integration Version 16.0.3", "product_id": "P-10722V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 19.0.1", "product": { "name": "Oracle Retail Financial Integration Version 19.0.1", "product_id": "P-10722V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Financial Integration" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Integration Bus Version 14.2.0", "product": { "name": "Oracle Retail Integration Bus Version 14.2.0", "product_id": "P-1807V-14.2.0" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 15.0.4", "product": { "name": "Oracle Retail Integration Bus Version 15.0.4", "product_id": "P-1807V-15.0.4" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 16.0.3", "product": { "name": "Oracle Retail Integration Bus Version 16.0.3", "product_id": "P-1807V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 19.0.1", "product": { "name": "Oracle Retail Integration Bus Version 19.0.1", "product_id": "P-1807V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Integration Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Order Broker Version 19.1", "product": { "name": "Oracle Retail Order Broker Version 19.1", "product_id": "P-11520V-19.1" } } ], "category": "product_name", "name": "Oracle Retail Order Broker" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Predictive Application Server Version 15.0.3", "product": { "name": "Oracle Retail Predictive Application Server Version 15.0.3", "product_id": "P-1823V-15.0.3" } }, { "category": "product_version", "name": "Oracle Retail Predictive Application Server Version 16.0.3", "product": { "name": "Oracle Retail Predictive Application Server Version 16.0.3", "product_id": "P-1823V-16.0.3" } } ], "category": "product_name", "name": "Oracle Retail Predictive Application Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Service Backbone Version 14.2.0", "product": { "name": "Oracle Retail Service Backbone Version 14.2.0", "product_id": "P-10867V-14.2.0" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 15.0.4", "product": { "name": "Oracle Retail Service Backbone Version 15.0.4", "product_id": "P-10867V-15.0.4" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 16.0.3", "product": { "name": "Oracle Retail Service Backbone Version 16.0.3", "product_id": "P-10867V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 19.0.1", "product": { "name": "Oracle Retail Service Backbone Version 19.0.1", "product_id": "P-10867V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Service Backbone" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.1.0", "product": { "name": "Oracle Secure Backup Version 18.1.0.1.0", "product_id": "P-1522V-18.1.0.1.0" } } ], "category": "product_name", "name": "Oracle Secure Backup" } ], "category": "product_family", "name": "Oracle Secure Backup" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel Apps Version 23.4 and prior", "product": { "name": "Siebel Apps Version 23.4 and prior", "product_id": "P-8974V-23.4 and prior" } } ], "category": "product_name", "name": "Siebel Apps" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Version 22.12 and prior", "product": { "name": "Siebel CRM Version 22.12 and prior", "product_id": "P-9011V-22.12 and prior" } }, { "category": "product_version_range", "name": "Siebel CRM Version 23.4 and prior", "product": { "name": "Siebel CRM Version 23.4 and prior", "product_id": "P-9011V-23.4 and prior" } }, { "category": "product_version_range", "name": "Siebel CRM Version 23.5 and prior", "product": { "name": "Siebel CRM Version 23.5 and prior", "product_id": "P-9001V-23.5 and prior" } }, { "category": "product_version_range", "name": "Siebel CRM Version 23.5 and prior", "product": { "name": "Siebel CRM Version 23.5 and prior", "product_id": "P-9011V-23.5 and prior" } }, { "category": "product_version_range", "name": "Siebel CRM Version 23.6 and prior", "product": { "name": "Siebel CRM Version 23.6 and prior", "product_id": "P-9001V-23.6 and prior" } } ], "category": "product_name", "name": "Siebel CRM" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Spatial Studio Version 22.3.0", "product": { "name": "Oracle Spatial Studio Version 22.3.0", "product_id": "P-13600V-22.3.0" } } ], "category": "product_name", "name": "Oracle Spatial Studio" } ], "category": "product_family", "name": "Oracle Spatial Studio" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Agile Engineering Data Management Version 6.2.1.0-6.2.1.8", "product": { "name": "Oracle Agile Engineering Data Management Version 6.2.1.0-6.2.1.8", "product_id": "P-4436V-6.2.1.0-6.2.1.8" } } ], "category": "product_name", "name": "Oracle Agile Engineering Data Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Agile PLM Version 9.3.6", "product": { "name": "Oracle Agile PLM Version 9.3.6", "product_id": "P-4461V-9.3.6" } } ], "category": "product_name", "name": "Oracle Agile PLM" }, { "branches": [ { "category": "product_version_range", "name": "Oracle AutoVue Version 21.0.2.0-21.0.2.7", "product": { "name": "Oracle AutoVue Version 21.0.2.0-21.0.2.7", "product_id": "P-4451V-21.0.2.0-21.0.2.7" } } ], "category": "product_name", "name": "Oracle AutoVue" }, { "branches": [ { "category": "product_version", "name": "Oracle Autovue for Agile Product Lifecycle Management Version 21.0.2", "product": { "name": "Oracle Autovue for Agile Product Lifecycle Management Version 21.0.2", "product_id": "P-4434V-21.0.2" } } ], "category": "product_name", "name": "Oracle Autovue for Agile Product Lifecycle Management" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 11", "product": { "name": "Oracle Solaris Version 11", "product_id": "P-10006V-11" } } ], "category": "product_name", "name": "Oracle Solaris" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.10.0", "product": { "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.10.0", "product_id": "P-1870V-22.1.1.1.0-22.1.1.10.0" } }, { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.11.0", "product": { "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.11.0", "product_id": "P-1870V-22.1.1.1.0-22.1.1.11.0" } }, { "category": "product_version_range", "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.6.0", "product": { "name": "Oracle TimesTen In-Memory Database Version 22.1.1.1.0-22.1.1.6.0", "product_id": "P-1870V-22.1.1.1.0-22.1.1.6.0" } } ], "category": "product_name", "name": "Oracle TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Application Management Pack for Oracle Utilities and Enterprise Taxation Version 13.4.1.0.0", "product": { "name": "Application Management Pack for Oracle Utilities and Enterprise Taxation Version 13.4.1.0.0", "product_id": "P-9600V-13.4.1.0.0" } }, { "category": "product_version", "name": "Application Management Pack for Oracle Utilities and Enterprise Taxation Version 13.5.1.0.0", "product": { "name": "Application Management Pack for Oracle Utilities and Enterprise Taxation Version 13.5.1.0.0", "product_id": "P-9600V-13.5.1.0.0" } } ], "category": "product_name", "name": "Application Management Pack for Oracle Utilities and Enterprise Taxation" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.2.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.2.0.3.0", "product_id": "P-2245V-4.2.0.3.0" } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.1.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.1.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.1.0-4.3.0.6.0" } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.2.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.2.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.2.0-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product_id": "P-2245V-4.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product_id": "P-2245V-4.4.0.2.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product_id": "P-2245V-4.4.0.3.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product_id": "P-2245V-4.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.0", "product_id": "P-2245V-4.5.0.1.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.1", "product_id": "P-2245V-4.5.0.1.1" } } ], "category": "product_name", "name": "Oracle Utilities Application Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.4.0.1.21", "product": { "name": "Oracle Utilities Network Management System Version 2.4.0.1.21", "product_id": "P-2241V-2.4.0.1.21" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.0.9", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.0.9", "product_id": "P-2241V-2.5.0.0.9" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.1", "product_id": "P-2241V-2.5.0.1" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.1.11", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.1.11", "product_id": "P-2241V-2.5.0.1.11" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.2", "product_id": "P-2241V-2.5.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.2.3", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.2.3", "product_id": "P-2241V-2.5.0.2.3" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.0", "product_id": "P-2241V-2.6.0.0" } } ], "category": "product_name", "name": "Oracle Utilities Network Management System" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Utilities Testing Accelerator Version 6.0.0.1-6.0.0.3", "product": { "name": "Oracle Utilities Testing Accelerator Version 6.0.0.1-6.0.0.3", "product_id": "P-13784V-6.0.0.1-6.0.0.3" } }, { "category": "product_version_range", "name": "Oracle Utilities Testing Accelerator Version 6.0.0.1-7.0.0.0", "product": { "name": "Oracle Utilities Testing Accelerator Version 6.0.0.1-7.0.0.0", "product_id": "P-13784V-6.0.0.1-7.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Testing Accelerator Version 7.0.0.0", "product": { "name": "Oracle Utilities Testing Accelerator Version 7.0.0.0", "product_id": "P-13784V-7.0.0.0" } } ], "category": "product_name", "name": "Oracle Utilities Testing Accelerator" } ], "category": "product_family", "name": "Oracle Utilities Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle VM VirtualBox Version Prior to 6.1.46", "product": { "name": "Oracle VM VirtualBox Version Prior to 6.1.46", "product_id": "P-8370V-Prior to 6.1.46" } }, { "category": "product_version_range", "name": "Oracle VM VirtualBox Version Prior to 7.0.10", "product": { "name": "Oracle VM VirtualBox Version Prior to 7.0.10", "product_id": "P-8370V-Prior to 7.0.10" } } ], "category": "product_name", "name": "Oracle VM VirtualBox" } ], "category": "product_family", "name": "Oracle Virtualization" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-20001", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35218757" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2018-1282", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043663" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2018-25032", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "34660112" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "34157173" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (zlib)). Supported versions that are affected are 23.6 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.1.0", "P-9001V-23.6 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.6 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960532.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.6 and prior", "P-14125V-23.1.0" ] } ] }, { "cve": "CVE-2018-8032", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "30218477" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Axis)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-0227", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "30218477" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Axis)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-10086", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "32054856" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35251438" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35241044" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager, Platform Services (Apache Commons BeanUtils)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Service Administration UI (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Presentation Services (Apache Commons BeanUtils)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Presentation Services)V-7.0.0.0.0", "P-9633V-11.3.2", "P-2025(Presentation Services)V-6.4.0.0.0", "P-2025(Service Administration UI)V-12.2.1.4.0", "P-2025(Presentation Services)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Presentation Services)V-6.4.0.0.0", "P-2025(Service Administration UI)V-12.2.1.4.0", "P-2025(Presentation Services)V-7.0.0.0.0", "P-2025(Presentation Services)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-2025(Presentation Services)V-6.4.0.0.0", "P-2025(Service Administration UI)V-12.2.1.4.0", "P-2025(Presentation Services)V-7.0.0.0.0", "P-2025(Presentation Services)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-12402", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33196208" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Commons Compress)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2019-13990", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34993953" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Framework (Quartz)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-17495", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35176633" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Build (Swagger UI)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.4.3.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2019-17531", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35322728" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jackson-databind)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2019-17571", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2020-10735", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "34660112" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960532.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.1.0" ] } ] }, { "cve": "CVE-2020-11988", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35033961" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI FNDN (Apache XmlGraphics Commons)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-11998", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "32544710" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-13936", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "33519400" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "33240967" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "33519381" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Velocity Engine)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Velocity Engine)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Velocity Engine)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-4647V-12.2.1.4.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-4647V-12.2.1.4.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2020-13947", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "32544710" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-13949", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043663" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-13956", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35348956" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache HttpClient)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-15250", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35165884" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (JSON-java)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-23.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-23.5 and prior" ] } ] }, { "cve": "CVE-2020-17521", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "32544668" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Groovy)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Data Quality executes to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-1926", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043663" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-1953", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043248" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Presentation Services (Apache Commons Configuration)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-29508", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35163", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35164", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35166", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35167", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35168", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] } ] }, { "cve": "CVE-2020-35169", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "34737753" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "34732263" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: TimesTen IMDB (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 22.1.1.1.0-22.1.1.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in takeover of Oracle TimesTen In-Memory Database. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: BRM Server (BSAFE Crypto-c)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2136V-12.0.0.4.0-12.0.0.7.0", "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.6.0" ] }, { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2136V-12.0.0.4.0-12.0.0.7.0" ] } ] }, { "cve": "CVE-2020-36518", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "34092777" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9001V-23.5 and prior", "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.5 and prior", "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-7712", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "32810706" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2020-7760", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "34582306" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework (CodeMirror)). Supported versions that are affected are 22.12 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-22.12 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-22.12 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-22.12 and prior" ] } ] }, { "cve": "CVE-2020-8908", "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35323987" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34822810" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35263564" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Jython)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Charging Server (Google Guava)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: 10g - Users, roles, credentials, security (Google Guava)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-9493", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9001V-23.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.5 and prior" ] } ] }, { "cve": "CVE-2021-21295", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9001V-23.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.5 and prior" ] } ] }, { "cve": "CVE-2021-22569", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "34661188" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Google Protobuf-Java)). Supported versions that are affected are 7.4.0-7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ] } ] }, { "cve": "CVE-2021-23926", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35098110" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer (Apache XMLBeans)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SOA Suite accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-24112", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Data Relationship Management", "text": "35374439" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Client - Unicode (.NET Core)). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4375V-11.2.13.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4375V-11.2.13.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4375V-11.2.13.0.000" ] } ] }, { "cve": "CVE-2021-25220", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472412" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (BIND)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. While the vulnerability is in Oracle Communications Diameter Signaling Router, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2021-25642", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34783864" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Oracle GoldenGate Stream Analytics (Apache Hadoop)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2021-26117", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "32544710" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache ActiveMQ)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-28168", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34240634" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Eclipse Jersey)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2021-29338", "ids": [ { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34580650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (OpenJPEG)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7" ] } ] }, { "cve": "CVE-2021-29425", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "33287508" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "33287959" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons IO)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data as well as unauthorized read access to a subset of Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache Commons IO)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9617V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9617V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-33813", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35195241" }, { "system_name": "Oracle Bug ID of Oracle Service Bus", "text": "30929705" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Web Console Design, Admin (JDOM)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Service Bus. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI FNDN (JDOM)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-5308V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5308V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5308V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2021-34429", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "30238782" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache ZooKeeper)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-34538", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043663" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2021-3520", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Core)V-19.3-19.19", "P-5(Core)V-21.3-21.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "34559432" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Core (lz4) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Core)V-19.3-19.19", "P-5(Core)V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Core)V-19.3-19.19", "P-5(Core)V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Core)V-19.3-19.19", "P-5(Core)V-21.3-21.10" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Core)V-19.3-19.19", "P-5(Core)V-21.3-21.10" ] } ] }, { "cve": "CVE-2021-35515", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "33196191" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33196208" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Commons Compress)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-35516", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "33196191" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33196208" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Commons Compress)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-35517", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "33196191" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33196208" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Commons Compress)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-36090", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "33196191" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "33196208" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Apache Commons Compress)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-36373", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "33176642" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-36374", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "33176642" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Business Process Management Suite executes to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-37533", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35346776" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35346730" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "35346696" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35346703" }, { "system_name": "Oracle Bug ID of Oracle Banking Treasury Management", "text": "35526184" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35116727" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Integrity", "text": "35346722" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35346799" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "35346737" }, { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "35346709" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35526445" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35101903" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35346691" }, { "system_name": "Oracle Bug ID of Oracle Retail Service Backbone", "text": "35346780" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Net)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Commons Net)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Service Administration UI (Apache Commons Net)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Generic Unix Connector (Apache Commons Net)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (Apache Commons Net)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Payments Core (Apache Commons Net)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications Applications (component: Other (Apache Commons Net)). The supported version that is affected is 7.3.6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Network Integrity accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Docupresentment Server and Documaker Connector (Apache Commons Net)). Supported versions that are affected are 12.6.1-12.7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Documaker accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (Apache Commons Net)). The supported version that is affected is 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Commons Net)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (Apache Commons Net)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Service Backbone accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Net)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Gateway accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Apache Commons Net)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Treasury Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Net)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.7", "P-1807V-19.0.1", "P-10605V-21.12.0-21.12.9", "P-5477V-12.6.1-12.7.1", "P-9099V-14.7.0.0.0", "P-2025V-6.4.0.0.0", "P-1807V-14.2.0", "P-14133V-14.5-14.7", "P-13011V-14.5-14.7", "P-4461V-9.3.6", "P-4491V-7.3.6.4", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-1999V-12.2.1.3.0", "P-9001V-23.5 and prior", "P-10867V-15.0.4", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-10867V-14.2.0", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-9052V-14.0-14.7", "P-13011V-14.5-14.7", "P-9099V-14.7.0.0.0", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4491V-7.3.6.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959869.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.6.1-12.7.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960012.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10867V-16.0.3", "P-1807V-19.0.1", "P-10867V-15.0.4", "P-10867V-14.2.0", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-1807V-14.2.0", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-21.12.0-21.12.9", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.5 and prior" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9052V-14.0-14.7", "P-1807V-19.0.1", "P-10605V-21.12.0-21.12.9", "P-5477V-12.6.1-12.7.1", "P-9099V-14.7.0.0.0", "P-2025V-6.4.0.0.0", "P-1807V-14.2.0", "P-14133V-14.5-14.7", "P-13011V-14.5-14.7", "P-4461V-9.3.6", "P-4491V-7.3.6.4", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-1999V-12.2.1.3.0", "P-10867V-15.0.4", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-10867V-14.2.0", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7" ] } ] }, { "cve": "CVE-2021-40528", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35515109" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (libgcrypt)). The supported version that is affected is 23.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-23.1.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14123V-23.1.2" ] } ] }, { "cve": "CVE-2021-40690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "33798151" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (Apache Santuario XML Security For Java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2021-4104", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" }, { "system_name": "Oracle Bug ID of Oracle Service Bus", "text": "31540010" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: Web Console Design (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in takeover of Oracle Service Bus. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-5308V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5308V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5308V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2021-41182", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34186953" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "33798025" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Exadata", "text": "34781955" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "33798101" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Database", "text": "33798038" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (jQueryUI)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Security Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Oracle Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Oracle Database accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Oracle Database accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Web Tier (jQueryUI)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Service Administration UI, BI Platform Security (jQueryUI)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: DB Machine Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Exadata. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Exadata, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Exadata accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Exadata accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9633V-11.3.2", "P-9584V-13.5.0.0", "P-1366V-13.5.0.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1366V-13.5.0.0", "P-9584V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-1366V-13.5.0.0", "P-2025V-6.4.0.0.0", "P-9584V-13.5.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2021-41183", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34186953" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "33798025" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Exadata", "text": "34781955" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "33798101" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Database", "text": "33798038" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (jQueryUI)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Security Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Oracle Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Oracle Database accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Oracle Database accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Web Tier (jQueryUI)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Service Administration UI, BI Platform Security (jQueryUI)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: DB Machine Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Exadata. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Exadata, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Exadata accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Exadata accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-9633V-11.3.2", "P-9584V-13.5.0.0", "P-1366V-13.5.0.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1366V-13.5.0.0", "P-9584V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-1366V-13.5.0.0", "P-2025V-6.4.0.0.0", "P-9584V-13.5.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2021-41184", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34186953" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "30614744" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "33798025" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Exadata", "text": "34781955" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "33798101" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Database", "text": "33798038" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: BPM Studio (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (jQueryUI)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Security Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Oracle Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Oracle Database accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Oracle Database accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Web Tier (jQueryUI)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Service Administration UI, BI Platform Security (jQueryUI)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: DB Machine Management (jQueryUI)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Exadata. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager for Exadata, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager for Exadata accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager for Exadata accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0", "P-9633V-11.3.2", "P-9584V-13.5.0.0", "P-1366V-13.5.0.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1366V-13.5.0.0", "P-9584V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-1366V-13.5.0.0", "P-5325V-12.2.1.4.0", "P-2025V-6.4.0.0.0", "P-9584V-13.5.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2021-41973", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35055986" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Studio UI (Apache Mina)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-42575", "ids": [ { "system_name": "Oracle Bug ID of Oracle JDeveloper", "text": "34647149" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergence", "text": "35412018" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (Java HTML Sanitizer)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Configuration (Java HTML Sanitizer)). The supported version that is affected is 3.0.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8501V-3.0.3.2", "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8501V-3.0.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8501V-3.0.3.2", "P-807V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-43113", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35028043" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server (iTextPDF)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2271V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2271V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2271V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-43859", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "34426526" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (XStream)). Supported versions that are affected are 7.4.0-7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4516V-7.4.0-7.4.2", "P-4516V-7.5.0" ] } ] }, { "cve": "CVE-2021-44228", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2021-44832", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2021-45046", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2021-45105", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2021-46877", "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35323847" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: 10g - Users, roles, credentials, security (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-1122", "ids": [ { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34580650" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (OpenJPEG)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7" ] } ] }, { "cve": "CVE-2022-1471", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35156436" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "35156458" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "34991186" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35156402" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Orchestrator", "text": "35156387" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "35559396" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35156441" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35092720" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35156440" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35156509" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35156508" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35156518" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35156439" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "35252647" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35156395" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35165835" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: REST API (SnakeYAML)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Majel Mobile Service (SnakeYAML)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (SnakeYAML)). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Orchestrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (SnakeYAML)). Supported versions that are affected are 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (SnakeYAML)). Supported versions that are affected are 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (SnakeYAML)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (SnakeYAML)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (SnakeYAML)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Platform (SnakeYAML)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (SnakeYAML)). The supported version that is affected is 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Investor Servicing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (SnakeYAML)). The supported version that is affected is 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (SnakeYAML)). Supported versions that are affected are 6.0.0.1-7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (SnakeYAML)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (SnakeYAML)). Supported versions that are affected are 23.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Helidon)). The supported version that is affected is 20.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Services Manager (SnakeYAML)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in takeover of Oracle Communications Pricing Design Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-18.3.0.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-9099V-14.7.0.0.0", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-2241V-2.5.0.2", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-11681V-Prior to 9.2.7.4", "P-14547V-23.1.0", "P-13784V-6.0.0.1-7.0.0.0", "P-12985V-12.0.6.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-4623V-12.0.6.0.0", "P-5085V-8.59", "P-13676V-18.2.0.0.0", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.7.0", "P-9011V-23.4 and prior", "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-11607V-20.3.3", "P-5085V-8.60", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-9437V-12.0.0.4.0-12.0.0.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11681V-Prior to 9.2.7.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-18.3.0.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-9099V-14.7.0.0.0", "P-13676V-18.2.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-12605V-22.2.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957695.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-6.0.0.1-7.0.0.0", "P-2241V-2.5.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-20.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956382.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13676V-18.3.0.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-9099V-14.7.0.0.0", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-13676V-19.1.0.0.0", "P-12605V-19.1.0.0.0", "P-2241V-2.5.0.2", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-11681V-Prior to 9.2.7.4", "P-14547V-23.1.0", "P-13784V-6.0.0.1-7.0.0.0", "P-12985V-12.0.6.0.0", "P-13676V-19.2.0.0.0", "P-12605V-22.1.0.0.0", "P-4623V-12.0.6.0.0", "P-5085V-8.59", "P-13676V-18.2.0.0.0", "P-12605V-21.1.0.0.0", "P-9437V-12.0.0.4.0-12.0.0.7.0", "P-9011V-23.4 and prior", "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-11607V-20.3.3", "P-5085V-8.60", "P-12605V-22.2.0.0.0" ] } ] }, { "cve": "CVE-2022-2047", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34457269" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34457275" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-2048", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34457269" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34457275" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9001V-23.5 and prior", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9001V-23.5 and prior", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-21189", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462362" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Dexie) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ] }, { "cve": "CVE-2022-2191", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34457269" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34457275" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-22950", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Oracle Database", "text": "34345978" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Security Management (Spring Framework)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Oracle Database. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1366V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1366V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1366V-13.5.0.0" ] } ] }, { "cve": "CVE-2022-22970", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "34362869" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: Infrastructure Management (Spring Framework)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1369V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1369V-13.5.0.0" ] } ] }, { "cve": "CVE-2022-22971", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "34362869" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: Infrastructure Management (Spring Framework)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager for Fusion Middleware. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1369V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1369V-13.5.0.0" ] } ] }, { "cve": "CVE-2022-23302", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2022-23305", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2022-23307", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "33681360" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Log4j)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-9001V-23.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9001V-23.5 and prior" ] } ] }, { "cve": "CVE-2022-23437", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "34408413" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35287894" }, { "system_name": "Oracle Bug ID of Oracle Communications Design Studio", "text": "33876498" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "33880708" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: Other (Apache Xerces2 Java)). Supported versions that are affected are 7.4.0.7.0, 7.4.1.5.0 and 7.4.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Design Studio. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Design Studio. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache Xerces2 Java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (Apache Xerces2 Java)). Supported versions that are affected are 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (Apache Xerces2 Java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2", "P-5325V-12.2.1.4.0", "P-4516V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.4.2", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961899.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-5325V-12.2.1.4.0", "P-4516V-7.4.1", "P-4516V-7.5.0", "P-4516V-7.4.2", "P-2283V-7.4.0.7.0", "P-2283V-7.4.2.8.0", "P-2283V-7.4.1.5.0" ] } ] }, { "cve": "CVE-2022-23457", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34746594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Enterprise Security API)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-23469", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35219542" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270V-7.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2957694.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2270V-7.4.1" ] } ] }, { "cve": "CVE-2022-23491", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35387970" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Certifi)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2022-24409", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35133678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (BSAFE SSL-J)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-24728", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "35287077" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: WebUI (CKEditor)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2022-24729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "35287077" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: WebUI (CKEditor)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ] } ] }, { "cve": "CVE-2022-24891", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34746594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Enterprise Security API)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-25147", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35473283" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache Portable Runtime Utility)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2022-25168", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34783864" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Oracle GoldenGate Stream Analytics (Apache Hadoop)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2022-25647", "ids": [ { "system_name": "Oracle Bug ID of Oracle BAM (Business Activity Monitoring)", "text": "34315414" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34874491" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BAM (Business Activity Monitoring) product of Oracle Fusion Middleware (component: General (Google Gson)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BAM (Business Activity Monitoring). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle BAM (Business Activity Monitoring). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Framework (Google Gson)). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1675V-12.2.1.4.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1675V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-1675V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-26612", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043663" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hive)). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-27404", "ids": [ { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34665840" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (FreeType)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7" ] } ] }, { "cve": "CVE-2022-27405", "ids": [ { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34665840" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (FreeType)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7" ] } ] }, { "cve": "CVE-2022-27406", "ids": [ { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34665840" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (FreeType)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7" ] } ] }, { "cve": "CVE-2022-2795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472412" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (BIND)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. While the vulnerability is in Oracle Communications Diameter Signaling Router, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2022-29361", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35476964" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Werkzeug)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-29546", "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "34743894" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (NekoHTML)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-2963", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "35166328" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (JasPer)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960537.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ] } ] }, { "cve": "CVE-2022-31129", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "34462327" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "34462332" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Moment.js)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Moment.js)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13676V-22.2.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ] } ] }, { "cve": "CVE-2022-31160", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "34932519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework (jQueryUI)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel CRM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM accessible data as well as unauthorized read access to a subset of Siebel CRM accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-23.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9011V-23.5 and prior" ] } ] }, { "cve": "CVE-2022-31197", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35054339" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (PostgreSQL JDBC Driver)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-31630", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35043776" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1522V-18.1.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ] }, { "cve": "CVE-2022-31690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34780000" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34780001" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34779998" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Security)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Security)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Security)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0" ] } ] }, { "cve": "CVE-2022-31692", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34780000" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34780001" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34779998" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35013139" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Security)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Security)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Security)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (Spring Security)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14597V-5.5.0-5.5.17", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14597V-6.0.0-6.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14597V-5.5.0-5.5.17", "P-13718V-14.6.0.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-14597V-6.0.0-6.0.2" ] } ] }, { "cve": "CVE-2022-3171", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34859638" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34859645" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34859646" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34859641" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34859642" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Google Protobuf-Java)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Google Protobuf-Java)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Google Protobuf-Java)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Google Protobuf-Java)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Google Protobuf-Java)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-31777", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35383821" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35073779" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Spark)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Spark)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2022-33879", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35280040" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35280030" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35280031" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35280032" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "34841448" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35280037" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35280039" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35280034" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35280035" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Tika)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Tika)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Branch executes to compromise Oracle Banking Branch. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Tika)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Cash Management executes to compromise Oracle Banking Cash Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Tika)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Corporate Lending Process Management executes to compromise Oracle Banking Corporate Lending Process Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Tika)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Credit Facilities Process Management executes to compromise Oracle Banking Credit Facilities Process Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Tika)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Digital Experience executes to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Tika)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Liquidity Management executes to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Tika)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Supply Chain Finance executes to compromise Oracle Banking Supply Chain Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Tika)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Banking Trade Finance Process Management executes to compromise Oracle Banking Trade Finance Process Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-12605V-22.1.0.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-12605V-21.1.0.0.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-12605V-22.1.0.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-12605V-21.1.0.0.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-12605V-22.2.0.0.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-12605V-22.1.0.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-12605V-21.1.0.0.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-12605V-22.2.0.0.0" ] } ] }, { "cve": "CVE-2022-33980", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35043248" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Presentation Services (Apache Commons Configuration)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-34305", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "35137250" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Tomcat)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] } ] }, { "cve": "CVE-2022-34364", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35133678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (BSAFE SSL-J)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-3479", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35033540" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (NSS)). The supported version that is affected is 8.1.0.21.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8496V-8.1.0.21.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.21.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8496V-8.1.0.21.0" ] } ] }, { "cve": "CVE-2022-3602", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35095119" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech (Node.js)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.7.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.7.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.7.3" ] } ] }, { "cve": "CVE-2022-36033", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2241V-2.5.0.0.9", "P-2241V-2.5.0.1.11", "P-2241V-2.5.0.2.3", "P-2241V-2.4.0.1.21" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "34897672" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34897684" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34897730" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34897690" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34897681" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "34897719" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34897687" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "34897698" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34897689" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data as well as unauthorized read access to a subset of Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (jsoup)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Cash Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Cash Management accessible data as well as unauthorized read access to a subset of Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (jsoup)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Credit Facilities Process Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Credit Facilities Process Management accessible data as well as unauthorized read access to a subset of Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (jsoup)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Liquidity Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (jsoup)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Supply Chain Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Supply Chain Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (jsoup)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance Process Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance Process Management accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (jsoup)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Origination, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Origination accessible data as well as unauthorized read access to a subset of Oracle Banking Origination accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (jsoup)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Oracle GoldenGate Stream Analytics (jsoup)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GoldenGate Stream Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate Stream Analytics accessible data as well as unauthorized read access to a subset of Oracle GoldenGate Stream Analytics accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9464V-12.2.1.4.0", "P-14195V-14.7.0.2.0" ], "known_not_affected": [ "P-2241V-2.5.0.0.9", "P-2241V-2.5.0.1.11", "P-2241V-2.5.0.2.3", "P-2241V-2.4.0.1.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.5.0.0.9", "P-2241V-2.5.0.1.11", "P-2241V-2.5.0.2.3", "P-2241V-2.4.0.1.21" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9464V-12.2.1.4.0", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2241V-2.5.0.0.9", "P-2241V-2.5.0.1.11", "P-2241V-2.5.0.2.3", "P-2241V-2.4.0.1.21" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2241V-2.5.0.0.9", "P-2241V-2.5.0.1.11", "P-2241V-2.5.0.2.3", "P-2241V-2.4.0.1.21" ] } ] }, { "cve": "CVE-2022-36760", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35218757" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-36944", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "34773656" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Other (Scala)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14547V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14547V-23.1.0" ] } ] }, { "cve": "CVE-2022-37434", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.230422", "P-5757V-21.3.0.0.0-21.10.0.0.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Advanced Inventory Planning", "text": "34711846" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Simphony", "text": "35429841" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472165" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34711765" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "34711829" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34711770" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (zlib)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (zlib)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (zlib)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Advanced Inventory Planning product of Oracle Retail Applications (component: Operations & Maintenance (zlib)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Advanced Inventory Planning. Successful attacks of this vulnerability can result in takeover of Oracle Retail Advanced Inventory Planning. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Linux POS (MySQL Server)). The supported version that is affected is 19.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (zlib)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4451V-21.0.2.0-21.0.2.7", "P-1785V-16.0", "P-1785V-15.0", "P-10899V-8.6.0.0", "P-11594V-19.5", "P-4436V-6.2.1.0-6.2.1.8" ], "known_not_affected": [ "P-5757V-19.1.0.0.0-19.1.0.0.230422", "P-5757V-21.3.0.0.0-21.10.0.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7", "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.230422", "P-5757V-21.3.0.0.0-21.10.0.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1785V-16.0", "P-1785V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11594V-19.5" ], "url": "https://support.oracle.com/rs?type=doc&id=2953046.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4451V-21.0.2.0-21.0.2.7", "P-1785V-16.0", "P-1785V-15.0", "P-10899V-8.6.0.0", "P-11594V-19.5", "P-4436V-6.2.1.0-6.2.1.8" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5757V-19.1.0.0.0-19.1.0.0.230422", "P-5757V-21.3.0.0.0-21.10.0.0.5" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5757V-19.1.0.0.0-19.1.0.0.230422", "P-5757V-21.3.0.0.0-21.10.0.0.5" ] } ] }, { "cve": "CVE-2022-37436", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35218757" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-37454", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515911" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "34997339" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "34997331" }, { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35043776" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "34997346" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Python)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Python)). The supported version that is affected is 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Python)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ], "known_not_affected": [ "P-1522V-18.1.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960571.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.2.0", "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ] }, { "cve": "CVE-2022-3786", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35095119" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech (Node.js)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.7.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.7.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.7.3" ] } ] }, { "cve": "CVE-2022-37865", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35407428" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35407415" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Ivy)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Ivy)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.34 and prior" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.34 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2022-37866", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35407428" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35407415" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Ivy)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Ivy)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.34 and prior" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.34 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2022-38398", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34970639" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Batik)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] } ] }, { "cve": "CVE-2022-38648", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34970639" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Batik)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] } ] }, { "cve": "CVE-2022-38751", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35323865" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: 10g - Users, roles, credentials, security (SnakeYAML)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-38752", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35156509" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (SnakeYAML)). Supported versions that are affected are 6.0.0.1-7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-6.0.0.1-7.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-6.0.0.1-7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13784V-6.0.0.1-7.0.0.0" ] } ] }, { "cve": "CVE-2022-39135", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35346875" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Calcite)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2022-3996", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2022-40146", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34970639" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Batik)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] } ] }, { "cve": "CVE-2022-40149", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34914661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Jettison)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2022-40150", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35436155" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34914661" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35107574" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Jettison)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Jettison)). Supported versions that are affected are 23.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Jettison)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-9011V-23.4 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9052V-14.0-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9052V-14.0-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-9011V-23.4 and prior" ] } ] }, { "cve": "CVE-2022-40151", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35001977" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35001978" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35001986" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35251962" }, { "system_name": "Oracle Bug ID of Application Management Pack for Oracle Utilities and Enterprise Taxation", "text": "35251973" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35002021" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35001979" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35001992" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "35002023" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35001985" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35001996" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35001982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (XStream)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (XStream)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (XStream)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (XStream)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (XStream)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (XStream)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Pricing Updater (XStream)). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (XStream)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (XStream)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (XStream)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Application Management Pack for Oracle Utilities and Enterprise Taxation product of Oracle Utilities Applications (component: System Wide (XStream)). Supported versions that are affected are 13.4.1.0.0 and 13.5.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle Utilities and Enterprise Taxation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Application Management Pack for Oracle Utilities and Enterprise Taxation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-9600V-13.4.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-9600V-13.5.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9617V-12.2.1.4.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9742V-12.0.0.4.0-12.0.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-9600V-13.5.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9600V-13.4.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-9600V-13.4.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-9600V-13.5.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9617V-12.2.1.4.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9742V-12.0.0.4.0-12.0.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-40152", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35082128" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "34974938" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Woodstox)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: SDK APIs (Woodstox)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ], "known_not_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0", "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-40705", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34869941" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in takeover of BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-40755", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "35166328" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (JasPer)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960537.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ] } ] }, { "cve": "CVE-2022-40897", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35387961" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python setuptools)). Supported versions that are affected are 8.59 and 8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2022-41704", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "34970631" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35275899" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35275900" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35275911" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "34970688" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35275901" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35275912" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35275902" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34970639" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35275907" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35278943" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Batik)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Batik)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Batik)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Batik)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Batik)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Batik)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Batik)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Batik)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Batik)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-1215V-12.2.1.4.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4436V-6.2.1.0-6.2.1.8", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-1215V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-1215V-12.2.1.4.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4436V-6.2.1.0-6.2.1.8", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-41853", "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "34997560" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (HyperSQL Database)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-41881", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35001724" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "35001735" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35001714" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35001747" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35001701" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35001706" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35001726" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35001748" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35001705" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35001727" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35001694" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35001693" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35001721" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35001696" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35251989" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35251998" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35251981" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "35252004" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35251990" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35251991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Netty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Netty)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Netty)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Netty)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Netty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Netty)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (Netty)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 22.4.2 and 22.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Messaging Store (Netty)). The supported version that is affected is 8.1.0.21.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: HTTP Gateway (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Tools (Netty)). Supported versions that are affected are 2.5.0.1, 2.5.0.2 and 2.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Netty)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (Netty)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14547V-23.1.0", "P-14324V-14.5-14.7", "P-2241V-2.6.0.0", "P-14195V-14.7.0.2.0", "P-13784V-7.0.0.0", "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-8496V-8.1.0.21.0", "P-14118V-22.4.3", "P-9633V-11.3.2", "P-14118V-22.4.2", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0" ], "known_not_affected": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.3", "P-14118V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.21.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957695.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14547V-23.1.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-13784V-7.0.0.0", "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-8496V-8.1.0.21.0", "P-14118V-22.4.3", "P-9633V-11.3.2", "P-14118V-22.4.2", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] } ] }, { "cve": "CVE-2022-41915", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35001724" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "35001735" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35001714" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "35001747" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35001701" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35001706" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35001726" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35001748" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35001705" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35001727" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35001694" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35001693" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35001721" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35001696" }, { "system_name": "Oracle Bug ID of Oracle Communications Pricing Design Center", "text": "34908256" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35251989" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35251998" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35251981" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "35252004" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35251990" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35251991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Rest Services Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Pricing Design Center accessible data as well as unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Netty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Netty)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Netty)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Netty)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Netty)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Netty)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (Netty)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 22.4.2 and 22.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Messaging Store (Netty)). The supported version that is affected is 8.1.0.21.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: HTTP Gateway (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Tools (Netty)). Supported versions that are affected are 2.5.0.1, 2.5.0.2 and 2.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Netty)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (Netty)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14547V-23.1.0", "P-14324V-14.5-14.7", "P-2241V-2.6.0.0", "P-14195V-14.7.0.2.0", "P-13784V-7.0.0.0", "P-12985V-12.0.6.0.0", "P-9001V-23.5 and prior", "P-4623V-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-9437V-12.0.0.4.0-12.0.0.7.0", "P-8496V-8.1.0.21.0", "P-14118V-22.4.3", "P-9633V-11.3.2", "P-14118V-22.4.2", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0" ], "known_not_affected": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-9437V-12.0.0.4.0-12.0.0.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.3", "P-14118V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.21.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12985V-12.0.6.0.0", "P-4623V-12.0.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957695.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9437V-12.0.0.4.0-12.0.0.7.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14547V-23.1.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-13784V-7.0.0.0", "P-12985V-12.0.6.0.0", "P-9001V-23.5 and prior", "P-4623V-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-8496V-8.1.0.21.0", "P-14118V-22.4.3", "P-9633V-11.3.2", "P-14118V-22.4.2", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2241V-2.6.0.0", "P-2241V-2.5.0.2", "P-2241V-2.5.0.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13373V-20.3.28", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13373V-21.2.55", "P-1870V-22.1.1.1.0-22.1.1.11.0", "P-13373V-19.5.33", "P-13373V-22.3.26" ] } ] }, { "cve": "CVE-2022-41966", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35001977" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35001978" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35001986" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35251962" }, { "system_name": "Oracle Bug ID of Application Management Pack for Oracle Utilities and Enterprise Taxation", "text": "35251973" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35002021" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35001979" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35001992" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "35002023" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35001985" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35001996" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35001982" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (XStream)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (XStream)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (XStream)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (XStream)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (XStream)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (XStream)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Pricing Updater (XStream)). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (XStream)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (XStream)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (XStream)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Application Management Pack for Oracle Utilities and Enterprise Taxation product of Oracle Utilities Applications (component: System Wide (XStream)). Supported versions that are affected are 13.4.1.0.0 and 13.5.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle Utilities and Enterprise Taxation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Application Management Pack for Oracle Utilities and Enterprise Taxation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-9600V-13.4.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-9600V-13.5.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9617V-12.2.1.4.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9742V-12.0.0.4.0-12.0.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-9600V-13.5.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9600V-13.4.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9617V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-9600V-13.4.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-9600V-13.5.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9617V-12.2.1.4.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9742V-12.0.0.4.0-12.0.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-42003", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14547V-23.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34811595" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "34811596" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34811598" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35470914" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34811609" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35526459" }, { "system_name": "Oracle Bug ID of Oracle Banking Treasury Management", "text": "35526209" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "34811568" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "34791946" }, { "system_name": "Oracle Bug ID of Oracle Autovue for Agile Product Lifecycle Management", "text": "34811569" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "34811646" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34811603" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34811727" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34811608" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Application (jackson-databind)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (jackson-databind)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Autovue for Agile Product Lifecycle Management product of Oracle Supply Chain (component: Core (jackson-databind)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autovue for Agile Product Lifecycle Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autovue for Agile Product Lifecycle Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (jackson-databind)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (jackson-databind)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (jackson-databind)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (jackson-databind)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (jackson-databind)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (jackson-databind)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (jackson-databind)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Oracle GoldenGate Stream Analytics (jackson-databind)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Stream Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (jackson-databind)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14133V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-4622V-13.3.0.1", "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-9001V-23.5 and prior", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7", "P-4434V-21.0.2" ], "known_not_affected": [ "P-14547V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4434V-21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14133V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14547V-23.1.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-9001V-23.5 and prior", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14133V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7", "P-4434V-21.0.2", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14547V-23.1.0" ] } ] }, { "cve": "CVE-2022-42004", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14547V-23.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34811595" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "34811596" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34811598" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35066339" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35470914" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34811609" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "34811568" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "34791946" }, { "system_name": "Oracle Bug ID of Oracle Autovue for Agile Product Lifecycle Management", "text": "34811569" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "34811646" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34811603" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "34947815" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "34811727" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34811608" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Application (jackson-databind)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (jackson-databind)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Autovue for Agile Product Lifecycle Management product of Oracle Supply Chain (component: Core (jackson-databind)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autovue for Agile Product Lifecycle Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autovue for Agile Product Lifecycle Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (jackson-databind)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (jackson-databind)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (jackson-databind)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (jackson-databind)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (jackson-databind)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (jackson-databind)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (jackson-databind)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Oracle GoldenGate Stream Analytics (jackson-databind)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Stream Analytics. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (jackson-databind)). Supported versions that are affected are 21.0.2.0-21.0.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core (Apache ZooKeeper)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (jackson-databind)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-12989V-14.0-14.3", "P-4451V-21.0.2.0-21.0.2.7", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-9001V-23.5 and prior", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-12989V-14.5-14.7", "P-4434V-21.0.2", "P-14195V-14.7.0.2.0" ], "known_not_affected": [ "P-14547V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4451V-21.0.2.0-21.0.2.7", "P-4434V-21.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14547V-23.1.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-12989V-14.0-14.3", "P-4451V-21.0.2.0-21.0.2.7", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9052V-14.0-14.7", "P-9001V-23.5 and prior", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-12989V-14.5-14.7", "P-4434V-21.0.2", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14547V-23.1.0" ] } ] }, { "cve": "CVE-2022-4203", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2022-42252", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "35137250" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Tomcat)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] } ] }, { "cve": "CVE-2022-42890", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35553071" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "34970631" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35275899" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35275900" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35275911" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "34970688" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35275901" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35275912" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35275902" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "34970639" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35275907" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35278943" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Batik)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Batik)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Batik)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Batik)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Batik)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Batik)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Batik)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Batik)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Batik)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-1215V-12.2.1.4.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4436V-6.2.1.0-6.2.1.8", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-1215V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-1215V-12.2.1.4.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4436V-6.2.1.0-6.2.1.8", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-42898", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35001945" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35001939" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35001941" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35166339" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Kerberos)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Oracle Linux (Kerberos)). Supported versions that are affected are 22.4.2 and 22.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Kerberos)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (Kerberos)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.3", "P-14118V-22.4.2", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-10899V-8.6.0.0", "P-14121V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.3", "P-14118V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.3", "P-14118V-22.4.2", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-10899V-8.6.0.0", "P-14121V-23.1.0" ] } ] }, { "cve": "CVE-2022-42919", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515911" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "34997339" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "34997331" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "34997346" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Python)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Python)). The supported version that is affected is 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Python)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960571.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.2.0", "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ] } ] }, { "cve": "CVE-2022-42920", "ids": [ { "system_name": "Oracle Bug ID of Oracle BAM (Business Activity Monitoring)", "text": "35087697" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle BAM (Business Activity Monitoring) product of Oracle Fusion Middleware (component: General (Apache Commons BCEL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BAM (Business Activity Monitoring). Successful attacks of this vulnerability can result in takeover of Oracle BAM (Business Activity Monitoring). CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1675V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1675V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1675V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-4304", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35515052" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35501475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14119V-23.1.1", "P-10762V-5.1", "P-14123V-23.1.2", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960549.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0", "P-14119V-23.1.1", "P-14123V-23.1.2" ] } ] }, { "cve": "CVE-2022-43548", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35095119" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech (Node.js)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.7.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.7.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.7.3" ] } ] }, { "cve": "CVE-2022-43680", "ids": [ { "system_name": "Oracle Bug ID of Oracle Text (LibExpat)", "text": "34692596" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35237595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Text (LibExpat) component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Index privilege with network access via Oracle Net to compromise Oracle Text (LibExpat). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Text (LibExpat). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Thirdparty (LibExpat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-211V-19.3-19.19", "P-1042V-12.2.1.4.0", "P-211V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-211V-21.3-21.10", "P-211V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-211V-21.3-21.10", "P-211V-19.3-19.19" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-4450", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35515052" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35501475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14119V-23.1.1", "P-10762V-5.1", "P-14123V-23.1.2", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960549.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0", "P-14119V-23.1.1", "P-14123V-23.1.2" ] } ] }, { "cve": "CVE-2022-45047", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "34830503" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "34830468" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "34830463" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "34830485" }, { "system_name": "Oracle Bug ID of Oracle Banking Treasury Management", "text": "35526198" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "34830481" }, { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "34830483" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (Apache Mina SSHD)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Payments Core (Apache Mina SSHD)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in takeover of Oracle Banking Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Apache Mina SSHD)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Apache Mina SSHD)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Apache Mina SSHD)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Treasury Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-13011V-14.5-14.7", "P-9052V-14.0-14.7", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7", "P-9464V-12.2.1.4.0" ], "known_not_affected": [ "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-13011V-14.5-14.7", "P-9052V-14.0-14.7", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-12989V-14.0-14.3", "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-13011V-14.5-14.7", "P-9052V-14.0-14.7", "P-14134V-14.0-14.3", "P-12989V-14.5-14.7", "P-9464V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-45061", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515911" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "34997339" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "34997331" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "34997346" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Python)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Python)). The supported version that is affected is 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Python)). Supported versions that are affected are 22.4.0, 23.1.0 and 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960571.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.2.0", "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.1", "P-14277V-23.2.0", "P-14277V-22.4.0", "P-5085V-8.59", "P-14121V-22.4.0", "P-5085V-8.60", "P-14121V-23.1.0", "P-14277V-23.1.0" ] } ] }, { "cve": "CVE-2022-45143", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Compliance Studio", "text": "35137277" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35287850" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35538576" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35269936" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "35137250" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Tomcat)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Compliance Studio accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Apache Tomcat)). Supported versions that are affected are 23.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2", "P-4436V-6.2.1.0-6.2.1.8", "P-9011V-23.4 and prior", "P-14392V-8.1.2.4" ], "known_not_affected": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14392V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959360.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-14392V-8.1.2.4", "P-4436V-6.2.1.0-6.2.1.8" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-9011V-23.4 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ] }, { "cve": "CVE-2022-45199", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "34855109" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "34855106" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "34855112" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "34855111" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "34855105" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "34855113" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Pillow)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Pillow)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Pillow)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Pillow)). Supported versions that are affected are 14.6.0.3.0 and 14.7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Pillow)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Pillow)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.6.0.3.0", "P-13718V-14.7.0.2.0", "P-13304V-14.7.0.1.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13703V-14.7.1.0.0", "P-13304V-14.6.0.3.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.7.0.1.0", "P-13718V-14.7.1.0.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13703V-14.7.1.0.0", "P-13304V-14.6.0.3.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13304V-14.7.0.1.0", "P-13718V-14.7.1.0.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] } ] }, { "cve": "CVE-2022-45685", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34914661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Jettison)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2022-45688", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35467777" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35165884" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35514594" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35501597" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35311207" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (JSON-java)). Supported versions that are affected are 23.5 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Tools (JSON-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (JSON-java)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (JSON-java)). Supported versions that are affected are 23.1.2 and 22.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-14123V-22.4.3", "P-14119V-23.1.1", "P-14123V-23.1.2", "P-9011V-23.5 and prior" ], "known_not_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2", "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960549.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-22.4.3", "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9011V-23.5 and prior", "P-4647V-12.2.1.4.0", "P-14123V-22.4.3", "P-14119V-23.1.1", "P-14123V-23.1.2" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ] } ] }, { "cve": "CVE-2022-45693", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35526425" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35436155" }, { "system_name": "Oracle Bug ID of Oracle Banking Treasury Management", "text": "35526163" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34914661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Jettison)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Jettison)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Jettison)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Jettison)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-9052V-14.0-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-14134V-14.0-14.3", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-9052V-14.0-14.7", "P-14134V-14.0-14.3" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7", "P-14133V-14.5-14.7", "P-9052V-14.0-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-14134V-14.0-14.3", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2022-45787", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35005473" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache James MIME4J)). Supported versions that are affected are 22.4.2 and 23.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Console executes to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ] } ] }, { "cve": "CVE-2022-46153", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35219542" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270V-7.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2957694.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2270V-7.4.1" ] } ] }, { "cve": "CVE-2022-46363", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35098687" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35166297" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35166298" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35098683" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35166293" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35166292" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35166295" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35098686" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35166291" }, { "system_name": "Oracle Bug ID of BI Publisher", "text": "34869941" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in takeover of BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Messaging Store (Apache CXF)). The supported version that is affected is 8.1.0.21.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache CXF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Apache CXF)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache CXF)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Cash Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache CXF)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache CXF)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache CXF)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache CXF)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache CXF)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-8496V-8.1.0.21.0", "P-1479V-6.4.0.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "known_not_affected": [ "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.21.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-8496V-8.1.0.21.0", "P-1479V-6.4.0.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.4.3.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2022-46364", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5579V-22.12.2", "P-5579V-22.12.3", "P-4379V-21.4.3.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "35149480" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35098687" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35166297" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35166298" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "35098683" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35166293" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35166292" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35166295" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35098686" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35166291" }, { "system_name": "Oracle Bug ID of BI Publisher", "text": "34869941" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in takeover of BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Messaging Store (Apache CXF)). The supported version that is affected is 8.1.0.21.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache CXF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Apache CXF)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: P6 Web Services (Apache CXF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache CXF)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Cash Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache CXF)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache CXF)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache CXF)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache CXF)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache CXF)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-8496V-8.1.0.21.0", "P-1479V-6.4.0.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "known_not_affected": [ "P-5579V-22.12.2", "P-5579V-22.12.3", "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.21.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-22.12.2", "P-5579V-22.12.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-8496V-8.1.0.21.0", "P-1479V-6.4.0.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5579V-22.12.2", "P-5579V-22.12.3", "P-4379V-21.4.3.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5579V-22.12.2", "P-5579V-22.12.3", "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2022-48285", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10354V-19.12.0-19.12.16", "P-10354V-18.8.0-18.8.18" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35192512" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35192510" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35192485" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35192496" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35192551" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35192494" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34968447" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35192491" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35192516" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35192549" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35192490" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35192548" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (JSZip)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (JSZip)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking APIs accessible data as well as unauthorized read access to a subset of Oracle Banking APIs accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (JSZip)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Credit Facilities Process Management accessible data as well as unauthorized read access to a subset of Oracle Banking Credit Facilities Process Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (JSZip)). Supported versions that are affected are 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (JSZip)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (JSZip)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Supply Chain Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (JSZip)). The supported version that is affected is 14.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Origination accessible data as well as unauthorized read access to a subset of Oracle Banking Origination accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface (JSZip)). Supported versions that are affected are 8.0.7, 8.0.8, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: User Interface (JSZip)). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Behavior Detection Platform accessible data as well as unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (JSZip)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Testing Accelerator accessible data as well as unauthorized read access to a subset of Oracle Utilities Testing Accelerator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (JSZip)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (JSZip)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-10605V-21.12.0-21.12.9", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-14325V-14.7.0", "P-13676V-21.1.0.0.0", "P-5680V-8.1.0", "P-13872V-14.7.0.2.0", "P-5680V-8.1.1", "P-13676V-22.2.0.0.0", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-13784V-7.0.0.0", "P-12605V-22.1.0.0.0", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-12605V-21.1.0.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-13304V-14.7.0.2.0", "P-12605V-22.2.0.0.0" ], "known_not_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-19.12.0-19.12.16", "P-10354V-22.12.0-22.12.6", "P-10354V-18.8.0-18.8.18" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13676V-22.2.0.0.0", "P-13872V-14.7.1.0.0", "P-12605V-22.1.0.0.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13676V-22.1.0.0.0", "P-12605V-21.1.0.0.0", "P-13304V-14.7.1.0.0", "P-14325V-14.7.0", "P-12605V-22.2.0.0.0", "P-13676V-21.1.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2960444.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.0.8.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2959412.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10605V-21.12.0-21.12.9", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-10354V-19.12.0-19.12.16", "P-10354V-18.8.0-18.8.18" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-10605V-21.12.0-21.12.9", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-13304V-14.7.1.0.0", "P-14325V-14.7.0", "P-13676V-21.1.0.0.0", "P-5680V-8.1.0", "P-13872V-14.7.0.2.0", "P-5680V-8.1.1", "P-13676V-22.2.0.0.0", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-13784V-7.0.0.0", "P-12605V-22.1.0.0.0", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-12605V-21.1.0.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-13304V-14.7.0.2.0", "P-12605V-22.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10354V-19.12.0-19.12.16", "P-10354V-18.8.0-18.8.18" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10354V-19.12.0-19.12.16", "P-10354V-18.8.0-18.8.18" ] } ] }, { "cve": "CVE-2022-4899", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35353698" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35360566" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35360563" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (Zstandard)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Zstandard)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (Zstandard)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576V-8.0.33 and prior", "P-8479V-8.0.33 and prior", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576V-8.0.33 and prior", "P-8478V-8.0.33 and prior", "P-8479V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8576V-8.0.33 and prior", "P-8478V-8.0.33 and prior", "P-8479V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-0215", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35498370" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35515052" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35501475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (OpenSSL)). Supported versions that are affected are 22.4.3 and 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0", "P-14122V-23.1.2", "P-14122V-22.4.3", "P-14119V-23.1.1", "P-14123V-23.1.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.2", "P-14122V-22.4.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2960531.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960549.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0", "P-14122V-23.1.2", "P-14122V-22.4.3", "P-14119V-23.1.1", "P-14123V-23.1.2" ] } ] }, { "cve": "CVE-2023-0216", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2023-0217", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2023-0286", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35515052" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35080647" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35358186" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35501475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.59 and 8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (OpenSSL)). The supported version that is affected is 8.6.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (OpenSSL)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0", "P-5085V-8.59", "P-14119V-23.1.1", "P-10899V-8.6.0.0", "P-5085V-8.60", "P-14123V-23.1.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960549.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-10899V-8.6.0.0", "P-5085V-8.60" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0", "P-14119V-23.1.1", "P-14123V-23.1.2" ] } ] }, { "cve": "CVE-2023-0361", "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35156655" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35156666" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35156662" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35156681" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515960" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDB Operator (GnuTLS)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (GnuTLS)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (GnuTLS)). Supported versions that are affected are 23.1.1 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (GnuTLS)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (GnuTLS)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-22.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-8479V-8.0.33 and prior", "P-14121V-23.1.0", "P-14277V-23.1.0", "P-14250V-22.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-8479V-8.0.33 and prior", "P-14121V-23.1.0", "P-14277V-23.1.0", "P-14250V-22.4.2" ] } ] }, { "cve": "CVE-2023-0401", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35136519" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (OpenSSL)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960572.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2023-0464", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35293483" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35475170" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35475171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (OpenSSL)). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.10", "P-4627V-8.0.33 and prior", "P-8370V-Prior to 6.1.46", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2960866.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10", "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-0465", "ids": [ { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35475170" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35475171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-0466", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35293483" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35475170" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35475171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (OpenSSL)). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.10", "P-4627V-8.0.33 and prior", "P-8370V-Prior to 6.1.46", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2960866.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10", "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-0767", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35268751" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (NSS)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2023-1255", "ids": [ { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35475170" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35475171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-1370", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35317383" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35323969" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35408083" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35408150" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35222962" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35408087" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "35408142" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35408078" }, { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35408122" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "35408101" }, { "system_name": "Oracle Bug ID of Oracle Policy Automation", "text": "35408134" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35408102" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35514650" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35408103" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516188" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35222937" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (json-smart)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Remote Diagnostic Agent (json-smart)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Web Services (json-smart)). Supported versions that are affected are 21.12.0-21.12.15 and 22.12.0-22.12.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: 10g - Users, roles, credentials, security (json-smart)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (json-smart)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (json-smart)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (json-smart)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (json-smart)). The supported version that is affected is 14.7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (json-smart)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Third Party (json-smart)). Supported versions that are affected are 8.0.7, 8.0.8, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Graph Server and Client (component: Packaging (json-smart)). Supported versions that are affected are 21.4.6, 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Graph Server and Client. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Policy Automation (component: Determinations Engine (json-smart)). Supported versions that are affected are Prior to 12.2.31. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Policy Automation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (json-smart)). Supported versions that are affected are 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (json-smart)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (json-smart)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (json-smart)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10605V-21.12.0-21.12.9", "P-9099V-14.7.0.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-2245V-4.4.0.0.0", "P-14069V-22.4.2", "P-2245V-4.4.0.2.0", "P-14121V-23.1.0", "P-2245V-4.4.0.3.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-14277V-22.4.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5242V-12.2.1.4.0", "P-14069V-21.4.6", "P-14123V-23.1.2", "P-14277V-23.1.0", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-13718V-14.5.0.8.0", "P-2245V-4.5.0.1.1", "P-10605V-20.12.0-20.12.11", "P-2245V-4.5.0.0.0", "P-13701V-14.4-14.7", "P-2245V-4.5.0.1.0", "P-10354V-21.12.0-21.12.15", "P-5624V-Prior to 12.2.31", "P-10354V-22.12.0-22.12.6", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-9052V-14.5-14.7", "P-14069V-23.1.0", "P-4647V-12.2.1.4.0", "P-13718V-14.7.0.2.0", "P-14121V-22.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10605V-21.12.0-21.12.9", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9099V-14.7.0.0.0", "P-13718V-14.6.0.4.0", "P-9052V-14.5-14.7", "P-13718V-14.5.0.8.0", "P-13718V-14.7.0.2.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2960444.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-23.1.0", "P-14069V-21.4.6", "P-14069V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5624V-Prior to 12.2.31" ], "url": "https://support.oracle.com/rs?type=doc&id=2957599.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10605V-21.12.0-21.12.9", "P-9099V-14.7.0.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-2245V-4.4.0.0.0", "P-14069V-22.4.2", "P-2245V-4.4.0.2.0", "P-14121V-23.1.0", "P-2245V-4.4.0.3.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-14277V-22.4.0", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-5242V-12.2.1.4.0", "P-14069V-21.4.6", "P-14123V-23.1.2", "P-14277V-23.1.0", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-13718V-14.5.0.8.0", "P-2245V-4.5.0.1.1", "P-10605V-20.12.0-20.12.11", "P-2245V-4.5.0.0.0", "P-13701V-14.4-14.7", "P-2245V-4.5.0.1.0", "P-10354V-21.12.0-21.12.15", "P-5624V-Prior to 12.2.31", "P-10354V-22.12.0-22.12.6", "P-5242V-14.1.1.0.0", "P-9052V-14.5-14.7", "P-14069V-23.1.0", "P-4647V-12.2.1.4.0", "P-13718V-14.7.0.2.0", "P-14121V-22.4.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-1436", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35436106" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35436105" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35436116" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "35436138" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35223042" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35430668" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35436110" }, { "system_name": "Oracle Bug ID of Oracle Communications Converged Application Server - Service Controller", "text": "35436135" }, { "system_name": "Oracle Bug ID of Oracle Retail Bulk Data Integration", "text": "35436201" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35280317" }, { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "35436111" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35436144" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35436155" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34914661" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Jettison)). Supported versions that are affected are 4.3.0.2.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (Jettison)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Installation (Jettison)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (Jettison)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Jettison)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Jettison)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Payments Core (Jettison)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Jettison)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Converged Application Server - Service Controller product of Oracle Communications (component: Third Party (Jettison)). The supported version that is affected is 6.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server - Service Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Application Server - Service Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: BRM Server (Jettison)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Documaker EWPS (Jettison)). Supported versions that are affected are 12.6.1-12.7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: INFRA code (Jettison)). Supported versions that are affected are 14.0-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Bulk Data Integration product of Oracle Retail Applications (component: Process Flow (Jettison)). The supported version that is affected is 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Bulk Data Integration. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.7", "P-5477V-12.6.1-12.7.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-2245V-4.4.0.0.0", "P-13304V-14.7.1.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-13304V-14.6.0.4.0", "P-13011V-14.5-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-5242V-12.2.1.4.0", "P-12989V-14.0-14.3", "P-10593V-6.2.0", "P-5085V-8.59", "P-2245V-4.5.0.1.1", "P-13718V-14.5.0.8.0", "P-12968V-19.0.1", "P-13304V-14.5.0.8.0", "P-2245V-4.5.0.0.0", "P-2245V-4.5.0.1.0", "P-13701V-14.4-14.7", "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-5242V-14.1.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-12989V-14.5-14.7", "P-5085V-8.60" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-2245V-4.5.0.1.1", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-9052V-14.0-14.7", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13011V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10593V-6.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960550.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.6.1-12.7.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960012.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12968V-19.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9052V-14.0-14.7", "P-5477V-12.6.1-12.7.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-2025V-6.4.0.0.0", "P-2245V-4.4.0.0.0", "P-13304V-14.7.1.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0", "P-13304V-14.6.0.4.0", "P-13011V-14.5-14.7", "P-2245V-4.3.0.2.0-4.3.0.6.0", "P-5242V-12.2.1.4.0", "P-12989V-14.0-14.3", "P-10593V-6.2.0", "P-5085V-8.59", "P-2245V-4.5.0.1.1", "P-13718V-14.5.0.8.0", "P-12968V-19.0.1", "P-13304V-14.5.0.8.0", "P-2245V-4.5.0.0.0", "P-2245V-4.5.0.1.0", "P-13701V-14.4-14.7", "P-2136V-12.0.0.4.0-12.0.0.8.0", "P-5242V-14.1.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2025V-7.0.0.0.0", "P-12989V-14.5-14.7", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-1999", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472967" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Libwebp)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2023-20860", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35276042" }, { "system_name": "Oracle Bug ID of BI Publisher", "text": "35340862" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "35351079" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "35317482" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35247597" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35276018" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35351095" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35276019" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35351082" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35275999" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516020" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35276000" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35276023" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35276034" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35276045" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35276035" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35276025" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35276015" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35276026" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35276016" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35276104" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35276017" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (Spring Framework)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Framework)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (Spring Framework)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Framework)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Framework)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 23.1.1 and 22.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Framework)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Base (Spring Framework)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Framework)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server (Spring Framework)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of BI Publisher. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Financial Integration. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Integration Bus. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Framework)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-10722V-19.0.1", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-10722V-14.2.0", "P-14121V-23.1.0", "P-1807V-14.2.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-1980V-12.2.1.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-1807V-15.0.4", "P-14277V-23.1.0", "P-14250V-22.4.2", "P-12989V-14.0-14.3", "P-13784V-7.0.0.0", "P-1479V-7.0.0.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-10722V-16.0.3", "P-14123V-22.3.2", "P-1807V-16.0.3", "P-1479V-6.4.0.0.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14121V-22.4.0", "P-10722V-15.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0", "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-22.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10722V-19.0.1", "P-1807V-19.0.1", "P-10722V-15.0.4", "P-10722V-16.0.3", "P-10722V-14.2.0", "P-1807V-15.0.4", "P-1807V-14.2.0", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-1980V-12.2.1.4.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-10722V-19.0.1", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-10722V-14.2.0", "P-14121V-23.1.0", "P-1807V-14.2.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-1807V-15.0.4", "P-14277V-23.1.0", "P-14250V-22.4.2", "P-12989V-14.0-14.3", "P-13784V-7.0.0.0", "P-1479V-7.0.0.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-10722V-16.0.3", "P-14123V-22.3.2", "P-1807V-16.0.3", "P-1479V-6.4.0.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14121V-22.4.0", "P-10722V-15.0.4" ] } ] }, { "cve": "CVE-2023-20861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35276042" }, { "system_name": "Oracle Bug ID of BI Publisher", "text": "35340862" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35351027" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "35351079" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35247597" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35276018" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35351095" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35276019" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35351082" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35275999" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516020" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35276000" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35276023" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35276034" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35276045" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35553059" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35276035" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35276025" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35276015" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35276026" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35276016" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35276104" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35276017" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35499056" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (Spring Framework)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Framework)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: core module (Spring Framework)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Framework)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Framework)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 23.1.1 and 22.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Framework)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Base (Spring Framework)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Framework)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server (Spring Framework)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of BI Publisher. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Interactive Docupresentment Server (Spring Framework)). Supported versions that are affected are 12.6.1-12.7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Financial Integration. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Integration Bus. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Framework)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Spring Boot)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14597V-5.5.0-5.5.17", "P-10722V-19.0.1", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-5477V-12.6.1-12.7.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-10722V-14.2.0", "P-14121V-23.1.0", "P-1807V-14.2.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0", "P-14597V-6.0.0-6.0.2", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-1807V-15.0.4", "P-14277V-23.1.0", "P-14250V-22.4.2", "P-12989V-14.0-14.3", "P-13784V-7.0.0.0", "P-1479V-7.0.0.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-10722V-16.0.3", "P-14123V-22.3.2", "P-1807V-16.0.3", "P-1479V-6.4.0.0.0", "P-5242V-14.1.1.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14121V-22.4.0", "P-10722V-15.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12989V-14.0-14.3", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-9052V-14.5-14.7", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-22.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.6.1-12.7.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960012.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10722V-19.0.1", "P-1807V-19.0.1", "P-10722V-15.0.4", "P-10722V-16.0.3", "P-10722V-14.2.0", "P-1807V-15.0.4", "P-1807V-14.2.0", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14597V-5.5.0-5.5.17", "P-10722V-19.0.1", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-5477V-12.6.1-12.7.1", "P-13718V-14.6.0.4.0", "P-13718V-14.7.1.0.0", "P-13304V-14.7.1.0.0", "P-10722V-14.2.0", "P-14121V-23.1.0", "P-1807V-14.2.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-14250V-23.1.1", "P-14547V-23.1.0", "P-9464V-12.2.1.4.0", "P-14597V-6.0.0-6.0.2", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-1807V-15.0.4", "P-14277V-23.1.0", "P-14250V-22.4.2", "P-12989V-14.0-14.3", "P-13784V-7.0.0.0", "P-1479V-7.0.0.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13701V-14.4-14.7", "P-10722V-16.0.3", "P-14123V-22.3.2", "P-1807V-16.0.3", "P-1479V-6.4.0.0.0", "P-13703V-14.7.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-9052V-14.5-14.7", "P-4647V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-12989V-14.5-14.7", "P-14121V-22.4.0", "P-10722V-15.0.4" ] } ] }, { "cve": "CVE-2023-20862", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35383458" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35498285" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35383455" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35383488" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35383450" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516111" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35383432" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35383454" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "35383463" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Security)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). Supported versions that are affected are 23.1.1 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Spring Security)). Supported versions that are affected are 23.1.0 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Security)). Supported versions that are affected are 23.1.2 and 22.4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Spring Security)). Supported versions that are affected are 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Security)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Security)). Supported versions that are affected are 22.4.3 and 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-7.0.0.0", "P-14123V-22.4.3", "P-8480V-8.0.34 and prior", "P-4516V-7.4.1", "P-14122V-22.4.3", "P-4516V-7.4.2", "P-14118V-23.1.0", "P-14121V-23.1.0", "P-14277V-22.4.0", "P-14118V-22.4.2", "P-14250V-23.1.1", "P-13784V-6.0.0.1-6.0.0.3", "P-14122V-23.1.2", "P-14121V-22.4.0", "P-14123V-23.1.2", "P-14277V-23.1.0", "P-14250V-22.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-22.4.3", "P-14123V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.2", "P-14122V-22.4.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2960531.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13784V-7.0.0.0", "P-14123V-22.4.3", "P-8480V-8.0.34 and prior", "P-4516V-7.4.1", "P-14122V-22.4.3", "P-4516V-7.4.2", "P-14118V-23.1.0", "P-14121V-23.1.0", "P-14277V-22.4.0", "P-14118V-22.4.2", "P-14250V-23.1.1", "P-13784V-6.0.0.1-6.0.0.3", "P-14122V-23.1.2", "P-14121V-22.4.0", "P-14123V-23.1.2", "P-14277V-23.1.0", "P-14250V-22.4.2" ] } ] }, { "cve": "CVE-2023-20863", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2196V-12.2.1.4.0", "P-13600V-22.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "35350987" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35350983" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35351017" }, { "system_name": "Oracle Bug ID of Oracle Spatial Studio", "text": "35351105" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35351027" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35351038" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "35351026" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35351037" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "35351079" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35351012" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Integrity", "text": "35351023" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Investor Servicing", "text": "35351033" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35351099" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Enterprise Case Management", "text": "35351043" }, { "system_name": "Oracle Bug ID of Oracle Retail Predictive Application Server", "text": "35351086" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35351097" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "35351051" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35351095" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35351082" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35499056" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Mainframe Connectors (Spring Framework)). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Charging Server (Spring Framework)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications Applications (component: Other (Spring Framework)). The supported version that is affected is 7.3.6.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Integrity. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Spring Framework)). Supported versions that are affected are 7.4.1 and 7.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Interactive Docupresentment Server (Spring Framework)). Supported versions that are affected are 12.6.1-12.7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure Code (Spring Framework)). The supported version that is affected is 14.7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Centralized Thirdparty Jars (Spring Framework)). Supported versions that are affected are 8.0.7, 8.0.8, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Platform (Spring Framework)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.4 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: ECM (Spring Framework)). Supported versions that are affected are 8.0.8.2, 8.1.1.1, 8.1.2.4 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Spring Framework)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Financial Integration. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Spring Framework)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Integration Bus. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (Spring Framework)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Predictive Application Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Framework)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Spring Framework)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Spring Framework)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.16, 20.12.0-20.12.11 and 21.12.0-21.12.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Spatial Studio (component: Install (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Spring Boot)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13789V-8.0.8", "P-14597V-5.5.0-5.5.17", "P-13545V-8.1.2.5", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-10605V-21.12.0-21.12.9", "P-1999V-9.1.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-5477V-12.6.1-12.7.1", "P-9099V-14.7.0.0.0", "P-13545V-8.1.1.1", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-13545V-8.1.2.4", "P-10722V-14.2.0", "P-1807V-14.2.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-1823V-15.0.3", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-13545V-8.0.8.2", "P-4491V-7.3.6.4", "P-5242V-12.2.1.4.0", "P-14597V-6.0.0-6.0.2", "P-1807V-15.0.4", "P-9190V-8.1.1.1", "P-13784V-7.0.0.0", "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-1823V-16.0.3", "P-10722V-16.0.3", "P-14118V-23.1.0", "P-1807V-16.0.3", "P-5242V-14.1.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-10722V-15.0.4" ], "known_not_affected": [ "P-2196V-12.2.1.4.0", "P-13600V-22.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-9.1.0", "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4491V-7.3.6.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959869.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.6.1-12.7.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960012.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9099V-14.7.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2960444.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2959412.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13545V-8.1.2.5", "P-13545V-8.0.8.2", "P-13545V-8.1.1.1", "P-13545V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959391.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10722V-19.0.1", "P-1823V-15.0.3", "P-1807V-19.0.1", "P-10722V-15.0.4", "P-1823V-16.0.3", "P-10722V-16.0.3", "P-10722V-14.2.0", "P-1807V-15.0.4", "P-1807V-14.2.0", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-21.12.0-21.12.9", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13600V-22.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0", "P-13600V-22.3.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13789V-8.0.8", "P-14597V-5.5.0-5.5.17", "P-13545V-8.1.2.5", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-10605V-21.12.0-21.12.9", "P-1999V-9.1.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-5477V-12.6.1-12.7.1", "P-9099V-14.7.0.0.0", "P-13545V-8.1.1.1", "P-4516V-7.4.1", "P-4516V-7.4.2", "P-13545V-8.1.2.4", "P-10722V-14.2.0", "P-1807V-14.2.0", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-1823V-15.0.3", "P-5680V-8.0.7", "P-5680V-8.0.8", "P-9190V-8.0.8.1", "P-13545V-8.0.8.2", "P-4491V-7.3.6.4", "P-5242V-12.2.1.4.0", "P-14597V-6.0.0-6.0.2", "P-1807V-15.0.4", "P-9190V-8.1.1.1", "P-13784V-7.0.0.0", "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-10605V-18.8.0-18.8.15", "P-10605V-19.12.0-19.12.16", "P-10605V-20.12.0-20.12.11", "P-1823V-16.0.3", "P-10722V-16.0.3", "P-14118V-23.1.0", "P-1807V-16.0.3", "P-5242V-14.1.1.0.0", "P-13784V-6.0.0.1-6.0.0.3", "P-10722V-15.0.4" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2196V-12.2.1.4.0", "P-13600V-22.3.0" ] } ] }, { "cve": "CVE-2023-20873", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13600V-22.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35407470" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management System", "text": "35407492" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "35407474" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35407499" }, { "system_name": "Oracle Bug ID of Oracle Spatial Studio", "text": "35407501" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (Spring Boot)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security (Spring Boot)). Supported versions that are affected are 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Spring Framework)). Supported versions that are affected are 20.1.0 and 20.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Boot)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Spatial Studio (component: Install (Spring Boot)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-7.0.0.0", "P-14547V-23.1.0", "P-13784V-6.0.0.1-6.0.0.3", "P-11607V-20.2.0", "P-11607V-20.1.0", "P-4516V-7.4.1", "P-4516V-7.4.2" ], "known_not_affected": [ "P-13600V-22.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.4.1", "P-4516V-7.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2959836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11607V-20.2.0", "P-11607V-20.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2956382.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13600V-22.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13784V-7.0.0.0", "P-14547V-23.1.0", "P-13784V-6.0.0.1-6.0.0.3", "P-11607V-20.2.0", "P-11607V-20.1.0", "P-4516V-7.4.1", "P-4516V-7.4.2" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13600V-22.3.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13600V-22.3.0" ] } ] }, { "cve": "CVE-2023-21830", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35461897" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Oracle Java SE)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] } ] }, { "cve": "CVE-2023-21835", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35461897" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Oracle Java SE)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] } ] }, { "cve": "CVE-2023-21843", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35461897" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Oracle Java SE)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ] } ] }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2023-21949", "ids": [ { "system_name": "Oracle Bug ID of Advanced Networking Option", "text": "34996911" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Advanced Networking Option accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-219V-19.3-19.19", "P-219V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-219V-21.3-21.10", "P-219V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-219V-21.3-21.10", "P-219V-19.3-19.19" ] } ] }, { "cve": "CVE-2023-21950", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "31363518" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.27 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.27 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.27 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Chen Xiaogeng" ] }, { "names": [ "Guillaume Jacques" ], "organization": "synacktiv" }, { "names": [ "Paul Barbé" ], "organization": "synacktiv" }, { "names": [ "Théo Louis-Tisserand" ], "organization": "synacktiv" } ], "cve": "CVE-2023-21961", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Essbase Administration Services", "text": "32908876" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Essbase Administration Services", "text": "32312464" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Essbase Administration Services", "text": "33406772" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4380(EAS Administration and EAS Console)V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4380(EAS Administration and EAS Console)V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4380(EAS Administration and EAS Console)V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2023-21971", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35402183" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35516143" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy). Supported versions that are affected are 22.4.0 and 23.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data and unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (MySQL Connectors)). Supported versions that are affected are 22.4.0 and 23.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-22.4.0", "P-14121V-22.4.0", "P-14277V-23.1.0", "P-14121V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-14121V-22.4.0", "P-14277V-23.1.0", "P-14121V-23.1.0" ] } ] }, { "acknowledgments": [ { "names": [ "Kanika Jalal" ] }, { "names": [ "Ved Prabhu" ] } ], "cve": "CVE-2023-21974", "ids": [ { "system_name": "Oracle Bug ID of Application Express Team Calendar Plugin", "text": "34954119" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Team Calendar Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Team Calendar Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Team Calendar Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1348V-Application Express Team Calendar Plugin: 18.2-22.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-Application Express Team Calendar Plugin: 18.2-22.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1348V-Application Express Team Calendar Plugin: 18.2-22.1" ] } ] }, { "acknowledgments": [ { "names": [ "Kanika Jalal" ] }, { "names": [ "Ved Prabhu" ] } ], "cve": "CVE-2023-21975", "ids": [ { "system_name": "Oracle Bug ID of Application Express Customers Plugin", "text": "34958186" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1348V-Application Express Customers Plugin: 18.2-22.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-Application Express Customers Plugin: 18.2-22.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1348V-Application Express Customers Plugin: 18.2-22.2" ] } ] }, { "acknowledgments": [ { "names": [ "Dirk van Veen" ], "organization": "The S-Unit" } ], "cve": "CVE-2023-21983", "ids": [ { "system_name": "Oracle Bug ID of Application Express Administration", "text": "35084388" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1348V-Application Express Administration: 18.2-22.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-Application Express Administration: 18.2-22.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-1348V-Application Express Administration: 18.2-22.2" ] } ] }, { "acknowledgments": [ { "names": [ "Sheikh Rishad" ] } ], "cve": "CVE-2023-21994", "ids": [ { "system_name": "Oracle Bug ID of Oracle Mobile Security Suite", "text": "33260926" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10913V-Prior to 11.1.2.3.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10913V-Prior to 11.1.2.3.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10913V-Prior to 11.1.2.3.1" ] } ] }, { "cve": "CVE-2023-22004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Technology", "text": "33518194" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1745V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1745V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1745V-12.2.3-12.2.12" ] } ] }, { "cve": "CVE-2023-22005", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "33666652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Motoyasu Saburi" ] } ], "cve": "CVE-2023-22006", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35059296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "cve": "CVE-2023-22007", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34617506" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.32 and prior", "P-8478V-5.7.41 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.32 and prior", "P-8478V-5.7.41 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.32 and prior", "P-8478V-5.7.41 and prior" ] } ] }, { "cve": "CVE-2023-22008", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34664457" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22009", "ids": [ { "system_name": "Oracle Bug ID of Oracle Self-Service Human Resources", "text": "34674393" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1566V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1566V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-1566V-12.2.3-12.2.12" ] } ] }, { "cve": "CVE-2023-22010", "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "34723086" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2023-22011", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879073" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879083" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879096" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879496" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879115" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22012", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879158" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879179" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879524" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22013", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879109" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879538" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879061" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879131" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879534" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879239" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22014", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35149890" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.60" ] } ] }, { "acknowledgments": [ { "names": [ "Muhammad Alifa Ramdhan" ], "organization": "STAR Labs" } ], "cve": "CVE-2023-22016", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35329013" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.10", "P-8370V-Prior to 6.1.46" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2960866.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ] } ] }, { "acknowledgments": [ { "names": [ "Ronald Crane" ], "organization": "Zippenhop LLC" } ], "cve": "CVE-2023-22017", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35502160" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.10", "P-8370V-Prior to 6.1.46" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2960866.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ] } ] }, { "acknowledgments": [ { "names": [ "kn32 working with Trend Micro Zero Day Initiative" ] } ], "cve": "CVE-2023-22018", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35524414" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.10", "P-8370V-Prior to 6.1.46" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2960866.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 6.1.46", "P-8370V-Prior to 7.0.10" ] } ] }, { "cve": "CVE-2023-22020", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879184" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879556" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22021", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879578" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879228" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-6.4.0.0.0", "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22022", "ids": [ { "system_name": "Oracle Bug ID of Oracle Health Sciences Sciences Data Management Workbench", "text": "35112402" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9581V-3.1.1.3", "P-9581V-3.1.0.2", "P-9581V-3.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9581V-3.1.1.3", "P-9581V-3.1.0.2", "P-9581V-3.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959737.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9581V-3.1.1.3", "P-9581V-3.1.0.2", "P-9581V-3.2.0.0" ] } ] }, { "cve": "CVE-2023-22023", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35326610" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=2960446.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2023-22027", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34892102" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879598" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34879547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025(Analytics Server)V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025(Analytics Server)V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2025(Analytics Server)V-7.0.0.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "4ra1n and bluE0" ] } ], "cve": "CVE-2023-22031", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34881931" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22033", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34924127" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ], "organization": "Saudi Aramco" } ], "cve": "CVE-2023-22034", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "34998034" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Unified Audit)V-19.3-19.19", "P-5(Unified Audit)V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Unified Audit)V-19.3-19.19", "P-5(Unified Audit)V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(Unified Audit)V-19.3-19.19", "P-5(Unified Audit)V-21.3-21.10" ] } ] }, { "acknowledgments": [ { "names": [ "ch0wn" ] } ], "cve": "CVE-2023-22035", "ids": [ { "system_name": "Oracle Bug ID of Oracle Scripting", "text": "35066052" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-433V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-433V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-433V-12.2.3-12.2.12" ] } ] }, { "acknowledgments": [ { "names": [ "Eirik Bjørsnøs" ] } ], "cve": "CVE-2023-22036", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35079695" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "acknowledgments": [ { "names": [ "Ammarit Thongthua" ], "organization": "Secure D Center Cybersecurity Team" }, { "names": [ "B.GRIMM POWER Cyber security incident response teams" ] }, { "names": [ "Pharkphoom Phongnusont" ], "organization": "Secure D Center Cybersecurity Team" } ], "cve": "CVE-2023-22037", "ids": [ { "system_name": "Oracle Bug ID of Oracle Web Applications Desktop Integrator", "text": "35084809" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1171V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1171V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-1171V-12.2.3-12.2.12" ] } ] }, { "cve": "CVE-2023-22038", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35089304" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22039", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35111987" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4461V-9.3.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4461V-9.3.6" ] } ] }, { "acknowledgments": [ { "names": [ "Sven Woynoski" ], "organization": "it.sec GmbH" } ], "cve": "CVE-2023-22040", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35137626" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "David Stancu" ] } ], "cve": "CVE-2023-22041", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35177037" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "acknowledgments": [ { "names": [ "Sankara Gosu" ], "organization": "ALDAR Corporate" } ], "cve": "CVE-2023-22042", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "35181823" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.3-12.3.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.3-12.3.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1472V-12.2.3-12.3.12" ] } ] }, { "cve": "CVE-2023-22043", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35192417" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:8u371" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u371" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u371" ] } ] }, { "acknowledgments": [ { "names": [ "Zhiqiang Zang" ], "organization": "University" } ], "cve": "CVE-2023-22044", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35193994" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1" ] } ] }, { "acknowledgments": [ { "names": [ "Zhiqiang Zang" ], "organization": "University" } ], "cve": "CVE-2023-22045", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35194811" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Yuanliang Chen" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2023-22046", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35201901" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22047", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35232693" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-22048", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35232697" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22049", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35241191" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle Java SE:8u371", "P-856V-Oracle Java SE:8u371-perf", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "cve": "CVE-2023-22050", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Orchestrator", "text": "35274755" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11681V-Prior to 9.2.7.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11681V-Prior to 9.2.7.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-11681V-Prior to 9.2.7.4" ] } ] }, { "cve": "CVE-2023-22051", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35287400" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:21.3.6", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2", "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.6", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.7", "P-13497V-Oracle GraalVM for JDK:20.0.1", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.6", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.2" ] } ] }, { "cve": "CVE-2023-22052", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35354098" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-19.3-19.19", "P-5(Java VM)V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.10", "P-5(Java VM)V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.10", "P-5(Java VM)V-19.3-19.19" ] } ] }, { "acknowledgments": [ { "names": [ "bee13oy" ] } ], "cve": "CVE-2023-22053", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35374491" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ] } ] }, { "cve": "CVE-2023-22054", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35377192" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22055", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "35393461" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-Prior to 9.2.7.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-Prior to 9.2.7.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2959208.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4781V-Prior to 9.2.7.4" ] } ] }, { "cve": "CVE-2023-22056", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35395965" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Oliver Bone" ] } ], "cve": "CVE-2023-22057", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35401212" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22058", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35410528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Przemysław Mazurek" ] } ], "cve": "CVE-2023-22060", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Workspace", "text": "35397873" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4361V-11.2.13.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4361V-11.2.13.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-4361V-11.2.13.0.000" ] } ] }, { "acknowledgments": [ { "names": [ "Seyed Hosein Sadaty Pakdaman" ] } ], "cve": "CVE-2023-22061", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35420748" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "Przemysław Mazurek" ] } ], "cve": "CVE-2023-22062", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Financial Reporting", "text": "35397861" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8776V-11.2.13.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8776V-11.2.13.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "products": [ "P-8776V-11.2.13.0.000" ] } ] }, { "cve": "CVE-2023-22809", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35227964" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Sudo)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2023-22899", "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "34974963" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Zip4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22946", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35383821" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Spark)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2023-23914", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35182065" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-23915", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35182065" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-23916", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35182065" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-23931", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35120822" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35097019" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35120817" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35120839" } ], "notes": [ { "category": "description", "text": "Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.10. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of OML4Py (cryptography) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of OML4Py (cryptography). CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Cryptography)). Supported versions that are affected are 23.1.0 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Cryptography)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-5(OML4Py)V-21.3-21.10", "P-5085V-8.59", "P-14121V-22.4.0", "P-14118V-23.1.0", "P-5085V-8.60", "P-14121V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(OML4Py)V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2959206.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-5(OML4Py)V-21.3-21.10" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-5085V-8.59", "P-14121V-22.4.0", "P-14118V-23.1.0", "P-5085V-8.60", "P-14121V-23.1.0" ] } ] }, { "cve": "CVE-2023-24532", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.10.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "35266042" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-22.1.1.1.0-22.1.1.10.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.10.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-22.1.1.1.0-22.1.1.10.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1870V-22.1.1.1.0-22.1.1.10.0" ] } ] }, { "cve": "CVE-2023-24998", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35270409" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35538576" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35116756" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35524990" }, { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "35170788" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35170821" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35170822" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "35170888" }, { "system_name": "Oracle Bug ID of Oracle Retail Order Broker", "text": "35170803" }, { "system_name": "Oracle Bug ID of Oracle Communications Calendar Server", "text": "35170825" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "35170946" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "35170846" }, { "system_name": "Oracle Bug ID of Oracle Policy Automation", "text": "35170903" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35170828" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "35170927" }, { "system_name": "Oracle Bug ID of Siebel Apps", "text": "35170949" }, { "system_name": "Oracle Bug ID of Oracle Retail Bulk Data Integration", "text": "35170907" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35170909" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35170795" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "35170872" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35170852" }, { "system_name": "Oracle Bug ID of Oracle Spatial Studio", "text": "35170950" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35170876" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35170831" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35170812" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "35170834" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35170811" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "35170855" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35170814" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergence", "text": "35170836" }, { "system_name": "Oracle Bug ID of Oracle Communications Contacts Server", "text": "35170835" }, { "system_name": "Oracle Bug ID of Oracle Retail Service Backbone", "text": "35170912" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35170815" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35170839" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35170819" }, { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "35533207" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35406616" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files and Attachments (Apache Commons FileUpload)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Commons FileUpload)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Order Broker product of Oracle Retail Applications (component: System Administration (Apache Commons FileUpload)). The supported version that is affected is 19.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Order Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Order Broker. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Commons FileUpload)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Commons FileUpload)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Commons FileUpload)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Commons FileUpload)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Commons FileUpload)). Supported versions that are affected are 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Calendar Server product of Oracle Communications Applications (component: Third Party (Apache Commons FileUpload)). Supported versions that are affected are 8.0.0.2.0-8.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Calendar Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Calendar Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Commons FileUpload)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Apache Commons BeanUtils)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (Apache Commons FileUpload)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Contacts Server product of Oracle Communications Applications (component: Third Party (Apache Commons FileUpload)). Supported versions that are affected are 8.0.0.6.0-8.0.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Contacts Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Contacts Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Mail Proxy (Apache Commons FileUpload)). The supported version that is affected is 3.0.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 7.3.5, 7.4.0 and 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.4 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Apache Commons FileUpload)). Supported versions that are affected are 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 8.0.7, 8.0.8, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Commons FileUpload)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Policy Automation (component: Determinations Engine (Apache Commons FileUpload)). Supported versions that are affected are Prior to 12.2.30. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Policy Automation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Policy Automation. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Bulk Data Integration product of Oracle Retail Applications (component: BDI Job Scheduler (Apache Commons FileUpload)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Bulk Data Integration. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Commons FileUpload)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Integration Bus. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (Apache Commons FileUpload)). Supported versions that are affected are 14.2.0, 15.0.4, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Service Backbone. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Commons FileUpload)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.0 and 4.5.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Commons FileUpload)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.15 and 22.12.0-22.12.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel Apps product of Oracle Siebel CRM (component: Marketing (Apache Commons FileUpload)). Supported versions that are affected are 23.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Apps. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Spatial Studio (component: Oracle Spatial Studio (Apache Commons FileUpload)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Spatial Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Spatial Studio. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 5.5.0-5.5.16 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Commons FileUpload)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-13789V-8.0.8", "P-14597V-5.5.0-5.5.16", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-2270V-7.4.0", "P-10354V-19.12.0-19.12.16", "P-13718V-14.7.1.0.0", "P-2270V-7.4.1", "P-10696V-8.0.0.6.0-8.0.0.8.0", "P-8480V-8.0.34 and prior", "P-14121V-23.1.0", "P-2245V-4.4.0.3.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5680V-8.0.7", "P-9190V-8.0.8.1", "P-5680V-8.0.8", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-9190V-8.1.1.1", "P-4622V-13.3.0.1", "P-14117V-23.1.0", "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-10867V-15.0.4", "P-13718V-14.5.0.8.0", "P-2245V-4.5.0.0.0", "P-13701V-14.4-14.7", "P-10354V-21.12.0-21.12.15", "P-14118V-22.4.2", "P-10867V-16.0.3", "P-14121V-22.4.0", "P-12968V-16.0.3", "P-13718V-14.6.0.4.0", "P-13304V-14.7.1.0.0", "P-2245V-4.4.0.0.0", "P-2270V-7.3.5", "P-2245V-4.4.0.2.0", "P-14325V-14.6", "P-1807V-14.2.0", "P-8494V-8.0.0.2.0-8.0.0.7.0", "P-14325V-14.7", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-1980V-12.2.1.4.0", "P-13600V-22.3.0", "P-4461V-9.3.6", "P-8501V-3.0.3.2", "P-14597V-6.0.0-6.0.2", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-10354V-18.8.0-18.8.18", "P-9348V-11.3.1", "P-9348V-11.3.2", "P-2025V-12.2.1.4.0", "P-9348V-11.3.0", "P-12968V-19.0.1", "P-2245V-4.5.0.1.1", "P-10867V-14.2.0", "P-2245V-4.5.0.1.0", "P-14118V-23.1.0", "P-1807V-16.0.3", "P-14117V-22.4.0", "P-5624V-Prior to 12.2.30", "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.6", "P-13703V-14.7.1.0.0", "P-2196V-12.2.1.4.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2245V-4.2.0.3.0", "P-8974V-23.4 and prior", "P-11520V-19.1" ], "known_not_affected": [ "P-5(Oracle Database)V-19.3-19.19", "P-5(Oracle Database)V-21.3-21.10", "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0", "P-2196V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10867V-16.0.3", "P-1807V-19.0.1", "P-10867V-15.0.4", "P-12968V-19.0.1", "P-10867V-14.2.0", "P-11520V-19.1", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-1807V-14.2.0", "P-12968V-16.0.3", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2956573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-14325V-14.6", "P-14325V-14.7", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10696V-8.0.0.6.0-8.0.0.8.0", "P-8501V-3.0.3.2", "P-8494V-8.0.0.2.0-8.0.0.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-22.4.0", "P-14117V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960537.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.0", "P-2270V-7.4.1", "P-2270V-7.3.5" ], "url": "https://support.oracle.com/rs?type=doc&id=2957694.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-9190V-8.0.8.1", "P-9190V-8.1.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2959412.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-5680V-8.0.7", "P-5680V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2960444.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-13600V-22.3.0", "P-5(Oracle Database)V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5624V-Prior to 12.2.30" ], "url": "https://support.oracle.com/rs?type=doc&id=2957599.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.2.0.3.0", "P-2245V-4.5.0.1.1", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.1.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.15", "P-10354V-22.12.0-22.12.6", "P-10354V-19.12.0-19.12.16", "P-10354V-18.8.0-18.8.18" ], "url": "https://support.oracle.com/rs?type=doc&id=2958838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8974V-23.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.16", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2957696.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-13789V-8.0.8", "P-14597V-5.5.0-5.5.16", "P-14195V-14.7.1.0.0", "P-1807V-19.0.1", "P-2270V-7.4.0", "P-10354V-19.12.0-19.12.16", "P-13718V-14.7.1.0.0", "P-2270V-7.4.1", "P-10696V-8.0.0.6.0-8.0.0.8.0", "P-8480V-8.0.34 and prior", "P-14121V-23.1.0", "P-2245V-4.4.0.3.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-5680V-8.0.7", "P-9190V-8.0.8.1", "P-5680V-8.0.8", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0", "P-9190V-8.1.1.1", "P-4622V-13.3.0.1", "P-14117V-23.1.0", "P-9190V-8.1.2.5", "P-9190V-8.1.2.4", "P-10867V-15.0.4", "P-13718V-14.5.0.8.0", "P-2245V-4.5.0.0.0", "P-13701V-14.4-14.7", "P-10354V-21.12.0-21.12.15", "P-14118V-22.4.2", "P-10867V-16.0.3", "P-14121V-22.4.0", "P-12968V-16.0.3", "P-13718V-14.6.0.4.0", "P-13304V-14.7.1.0.0", "P-2245V-4.4.0.0.0", "P-2270V-7.3.5", "P-2245V-4.4.0.2.0", "P-14325V-14.6", "P-1807V-14.2.0", "P-8494V-8.0.0.2.0-8.0.0.7.0", "P-14325V-14.7", "P-5680V-8.1.0", "P-5680V-8.1.1", "P-5680V-8.1.2", "P-1980V-12.2.1.4.0", "P-4461V-9.3.6", "P-8501V-3.0.3.2", "P-14597V-6.0.0-6.0.2", "P-10867V-19.0.1", "P-1807V-15.0.4", "P-10354V-18.8.0-18.8.18", "P-9348V-11.3.1", "P-9348V-11.3.2", "P-2025V-12.2.1.4.0", "P-9348V-11.3.0", "P-12968V-19.0.1", "P-2245V-4.5.0.1.1", "P-10867V-14.2.0", "P-2245V-4.5.0.1.0", "P-14118V-23.1.0", "P-1807V-16.0.3", "P-14117V-22.4.0", "P-5624V-Prior to 12.2.30", "P-10354V-20.12.0-20.12.16", "P-10354V-22.12.0-22.12.6", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-2245V-4.2.0.3.0", "P-8974V-23.4 and prior", "P-11520V-19.1" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-21.3-21.10", "P-14015V-19.1.0.0.0-19.1.0.0.7", "P-5(Oracle Database)V-19.3-19.19" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-13600V-22.3.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ] }, { "cve": "CVE-2023-25193", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35063973" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: 2D (Harfbuzz)). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2957260.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:20.0.1", "P-856V-Oracle Java SE:17.0.7", "P-856V-Oracle GraalVM Enterprise Edition:22.3.2", "P-856V-Oracle GraalVM Enterprise Edition:21.3.6", "P-856V-Oracle GraalVM for JDK:17.0.7", "P-856V-Oracle GraalVM for JDK:20.0.1", "P-856V-Oracle Java SE:11.0.19", "P-856V-Oracle GraalVM Enterprise Edition:20.3.10" ] } ] }, { "cve": "CVE-2023-25194", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35127288" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35127310" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "35127344" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35127286" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35127287" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35127285" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35127293" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35127294" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35127291" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35333630" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35127317" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35127314" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35127312" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35127313" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Apache Kafka)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in takeover of Oracle Banking Branch. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Kafka)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Cash Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Kafka)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Kafka)). The supported version that is affected is 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Kafka)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Kafka)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in takeover of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Kafka)). Supported versions that are affected are 14.5.0.8.0, 14.6.0.4.0, 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Apache Kafka)). Supported versions that are affected are 12.0.3.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Core (Apache Kafka)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Apache Kafka)). Supported versions that are affected are 12.0.3.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Notification (Apache Kafka)). Supported versions that are affected are 12.0.0.4.0-12.0.0.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Apache Kafka)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Security (Apache Kafka)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Realtime Processing (Apache Kafka)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-12985V-12.0.3.0.0-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4623V-12.0.3.0.0-12.0.6.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-14547V-23.1.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-13718V-14.6.0.4.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4623V-12.0.3.0.0-12.0.6.0.0", "P-12985V-12.0.3.0.0-12.0.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957695.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4.0-12.0.0.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957693.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-9742V-12.0.0.4.0-12.0.0.8.0", "P-13718V-14.6.0.4.0", "P-12985V-12.0.3.0.0-12.0.6.0.0", "P-13718V-14.5.0.8.0", "P-13304V-14.5.0.8.0", "P-13718V-14.7.1.0.0", "P-13701V-14.4-14.7", "P-13304V-14.7.1.0.0", "P-4623V-12.0.3.0.0-12.0.6.0.0", "P-13304V-14.6.0.4.0", "P-13872V-14.7.0.2.0", "P-14325V-14.5-14.7", "P-13703V-14.7.1.0.0", "P-14547V-23.1.0", "P-13304V-14.7.0.2.0", "P-13718V-14.7.0.2.0", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14195V-14.7.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.7" ] } ] }, { "cve": "CVE-2023-25652", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472973" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (git)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2023-25658", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25659", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25660", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25661", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25662", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25663", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25664", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25665", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25666", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25667", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25668", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25669", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25670", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25671", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25672", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25673", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25674", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25675", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25676", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-25690", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35218749" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35243151" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35218757" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: HTTP Server (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-1042V-12.2.1.4.0" ], "known_not_affected": [ "P-1522V-18.1.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0", "P-1042V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ] }, { "cve": "CVE-2023-25801", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-26048", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35375392" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516317" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35375388" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35375385" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35375362" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35375398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Eclipse Jetty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Coherence accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-22.4.0", "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-2545V-14.1.1.0.0", "P-14121V-23.1.0", "P-14118V-23.1.1", "P-14277V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-2545V-14.1.1.0.0", "P-14121V-23.1.0", "P-14118V-23.1.1", "P-14277V-23.1.0" ] } ] }, { "cve": "CVE-2023-26049", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35375392" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35516317" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35375388" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35375385" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35375362" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35375398" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Eclipse Jetty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Eclipse Jetty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Coherence accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Install/Upgrade (Eclipse Jetty)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-22.4.0", "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-2545V-14.1.1.0.0", "P-14121V-23.1.0", "P-14118V-23.1.1", "P-14277V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2961143.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-2545V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-14547V-23.1.0", "P-14121V-22.4.0", "P-2545V-14.1.1.0.0", "P-14121V-23.1.0", "P-14118V-23.1.1", "P-14277V-23.1.0" ] } ] }, { "cve": "CVE-2023-26119", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35361081" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (NekoHTML)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958367.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-2650", "ids": [ { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35475170" }, { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35475171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.33 and prior", "P-8480V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-27522", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35218749" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35218757" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Secure Backup (component: HTTP Server (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Ops Center. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ], "known_not_affected": [ "P-1522V-18.1.0.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946187.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1522V-18.1.0.1.0" ] } ] }, { "cve": "CVE-2023-27533", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35329548" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (cURL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.4.3.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2023-27534", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35329548" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (cURL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-4379V-21.4.3.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.4.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.4.3.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.4.3.0.0" ] } ] }, { "cve": "CVE-2023-27579", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35275664" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Graph Server (TensorFlow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14069V-22.4.1", "P-14069V-21.4.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-21.4.7", "P-14069V-22.4.1" ] } ] }, { "cve": "CVE-2023-27898", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27899", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27900", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27901", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27902", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27903", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-27904", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35329598" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35329600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35329593" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Jenkins)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Jenkins)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Jenkins Script Security)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.0", "P-14488V-22.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-22.4.2", "P-14118V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0", "P-14123V-22.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14118V-22.4.2", "P-14123V-23.1.0", "P-14488V-23.1.0", "P-14123V-22.4.0", "P-14118V-23.1.0", "P-14488V-22.4.1" ] } ] }, { "cve": "CVE-2023-28439", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Platform", "text": "35287077" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35266096" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35266101" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35266077" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35265253" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (CKEditor)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (CKEditor)). Supported versions that are affected are 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient (CKEditor)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (CKEditor)). Supported versions that are affected are 18.2.0.0.0, 18.3.0.0.0, 19.1.0.0.0, 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0 and 22.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking APIs, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking APIs accessible data as well as unauthorized read access to a subset of Oracle Banking APIs accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: WebUI (CKEditor)). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-13676V-18.3.0.0.0", "P-9348V-11.3.0", "P-12605V-22.1.0.0.0", "P-13676V-19.2.0.0.0", "P-13676V-18.2.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-12605V-19.1.0.0.0", "P-13676V-19.1.0.0.0", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-4461V-9.3.6", "P-2025V-7.0.0.0.0", "P-12605V-22.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13676V-18.3.0.0.0", "P-12605V-22.1.0.0.0", "P-13676V-19.2.0.0.0", "P-13676V-18.2.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-12605V-19.1.0.0.0", "P-13676V-19.1.0.0.0", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-12605V-22.2.0.0.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-9348V-11.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2959205.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9348V-11.3.1", "P-9348V-11.3.2", "P-13676V-18.3.0.0.0", "P-9348V-11.3.0", "P-12605V-22.1.0.0.0", "P-13676V-19.2.0.0.0", "P-13676V-18.2.0.0.0", "P-12605V-21.1.0.0.0", "P-13676V-22.1.0.0.0", "P-2025V-6.4.0.0.0", "P-12605V-19.1.0.0.0", "P-13676V-19.1.0.0.0", "P-13676V-21.1.0.0.0", "P-12605V-18.3.0.0.0", "P-13676V-22.2.0.0.0", "P-12605V-19.2.0.0.0", "P-12605V-18.2.0.0.0", "P-4461V-9.3.6", "P-2025V-7.0.0.0.0", "P-12605V-22.2.0.0.0" ] } ] }, { "cve": "CVE-2023-28484", "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35431056" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35431073" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (libxml2)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libxml2)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.33 and prior", "P-14118V-23.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.33 and prior", "P-14118V-23.1.1" ] } ] }, { "cve": "CVE-2023-28708", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14250V-23.1.1", "P-11528V-3.0", "P-14250V-22.4.2" ] }, { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35538576" }, { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35269936" }, { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35269904" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35269927" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35269900" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35269901" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35269894" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35269895" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35269885" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "35269930" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35269892" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "35137250" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515995" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Tomcat)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files and Attachments (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Apache Tomcat)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Tomcat)). Supported versions that are affected are 14.7.0.2.0 and 14.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Apache Tomcat)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Tomcat)). Supported versions that are affected are 6.0.0.1-6.0.0.3 and 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Utilities Testing Accelerator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (Apache Tomcat)). Supported versions that are affected are 23.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-4436V-6.2.1.0-6.2.1.8", "P-14121V-23.1.0", "P-9011V-23.4 and prior", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-13784V-6.0.0.1-6.0.0.3", "P-4461V-9.3.6", "P-14121V-22.4.0", "P-10899V-8.6.0.0", "P-14195V-14.7.0.2.0", "P-14277V-23.1.0" ], "known_not_affected": [ "P-5(Oracle Database)V-19.3-19.19", "P-14250V-23.1.1", "P-5(Oracle Database)V-21.3-21.10", "P-11528V-3.0", "P-14250V-22.4.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6", "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.7.0.2.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14195V-14.7.0.2.0" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-11528V-3.0", "P-5(Oracle Database)V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1", "P-14250V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2960530.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960573.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.0", "P-13784V-6.0.0.1-6.0.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2957770.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-23.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2959207.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13784V-7.0.0.0", "P-13872V-14.7.1.0.0", "P-14195V-14.7.1.0.0", "P-14121V-23.1.0", "P-9011V-23.4 and prior", "P-13872V-14.7.0.2.0", "P-13940V-9.1.1.5.0", "P-14277V-22.4.0", "P-13784V-6.0.0.1-6.0.0.3", "P-4461V-9.3.6", "P-14121V-22.4.0", "P-10899V-8.6.0.0", "P-14195V-14.7.0.2.0", "P-14277V-23.1.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14250V-23.1.1", "P-11528V-3.0", "P-14250V-22.4.2" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14250V-23.1.1", "P-11528V-3.0", "P-14250V-22.4.2" ] }, { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ] }, { "cve": "CVE-2023-28709", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-23.1.0", "P-14069V-21.4.6", "P-14069V-22.4.2" ] }, { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "35533907" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35538576" }, { "system_name": "Oracle Bug ID of Oracle Agile Engineering Data Management", "text": "35137250" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35269900" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35533428" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35515995" }, { "system_name": "Oracle Bug ID of Oracle Communications Instant Messaging Server", "text": "35533895" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35269885" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation (Apache Tomcat)). Supported versions that are affected are 6.2.1.0-6.2.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Engineering Data Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files and Attachments (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: DBPlugin (Apache Tomcat)). The supported version that is affected is 10.0.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Instant Messaging Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging, Graph Server (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8495V-10.0.1.7.0", "P-14277V-22.4.0", "P-4461V-9.3.6", "P-14121V-22.4.0", "P-8480V-8.0.34 and prior", "P-4436V-6.2.1.0-6.2.1.8", "P-14121V-23.1.0", "P-14277V-23.1.0" ], "known_not_affected": [ "P-5(Oracle Database)V-19.3-19.19", "P-5(Oracle Database)V-21.3-21.10", "P-14069V-21.4.6", "P-14069V-22.4.2", "P-14069V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6", "P-4436V-6.2.1.0-6.2.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2959239.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8495V-10.0.1.7.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2957711.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-14069V-23.1.0", "P-5(Oracle Database)V-19.3-19.19", "P-14069V-21.4.6", "P-14069V-22.4.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-4436V-6.2.1.0-6.2.1.8" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-4461V-9.3.6", "P-14121V-22.4.0", "P-14121V-23.1.0", "P-14277V-23.1.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8495V-10.0.1.7.0", "P-8480V-8.0.34 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-21.3-21.10", "P-14069V-23.1.0", "P-5(Oracle Database)V-19.3-19.19", "P-14069V-21.4.6", "P-14069V-22.4.2" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-23.1.0", "P-14069V-21.4.6", "P-14069V-22.4.2" ] }, { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ] }, { "cve": "CVE-2023-28856", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "35398439" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35398433" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Fraud Detection Monitor (Redis)). Supported versions that are affected are 23.1.0 and 23.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Fraud Detection Monitor (Redis)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-5.0", "P-10761V-5.1", "P-14118V-23.1.0", "P-14118V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.0", "P-14118V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-5.0", "P-10761V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960571.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-5.0", "P-10761V-5.1", "P-14118V-23.1.0", "P-14118V-23.2.0" ] } ] }, { "cve": "CVE-2023-29007", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35472973" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (git)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-8.6.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960570.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-8.6.0.0" ] } ] }, { "cve": "CVE-2023-29469", "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "35431056" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35431073" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (libxml2)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (libxml2)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4627V-8.0.33 and prior", "P-14118V-23.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2958912.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960533.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4627V-8.0.33 and prior", "P-14118V-23.1.1" ] } ] }, { "cve": "CVE-2023-30533", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462362" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (Dexie) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.10" ] } ] }, { "cve": "CVE-2023-30535", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "35331145" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Development Operations (Snowflake JDBC)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2958379.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1479V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-30861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35450252" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35402538" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35450248" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Automated Test Suite", "text": "35450247" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Flask)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Automated Test Suite Framework (Flask)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Automated Test Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Flask)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Flask)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-22.4.0", "P-14488V-23.1.1", "P-14121V-22.4.0", "P-14123V-23.1.1", "P-14277V-23.1.0", "P-14121V-23.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-22.4.0", "P-14277V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960534.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14488V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960528.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-22.4.0", "P-14121V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2960529.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2960535.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-22.4.0", "P-14488V-23.1.1", "P-14121V-22.4.0", "P-14123V-23.1.1", "P-14277V-23.1.0", "P-14121V-23.1.0" ] } ] }, { "cve": "CVE-2023-34981", "flags": [ { "date": "2023-07-18T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35538576" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ], "url": "https://support.oracle.com/rs?type=doc&id=2946185.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ], "threats": [ { "category": "impact", "date": "2023-07-18T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-5(Oracle Database)V-21.3-21.10", "P-5(Oracle Database)V-19.3-19.19" ] } ] } ] }