{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpuoct2023csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - October 2023 - Oracle CSAF", "tracking": { "current_release_date": "2023-12-08T16:00:00-07:00", "id": "CPUOct2023csaf", "initial_release_date": "2023-10-17T13:00:00-07:00", "revision_history": [ { "date": "2023-10-17T13:00:00-07:00", "number": "1", "summary": "Initial Release" }, { "date": "2023-10-19T10:00:00-07:00", "number": "2", "summary": "Rev 2. Credit added for CVE-2023-22086; Java and GraalVM version updates" }, { "date": "2023-10-31T09:00:00-07:00", "number": "3", "summary": "Rev 3. VirtualBox CVSS changes for CVE-2023-22099" }, { "date": "2023-11-07T09:00:00-07:00", "number": "4", "summary": "Rev 4. GraalVM affected version changes; Weblogic affected version changes" }, { "date": "2023-12-08T16:00:00-07:00", "number": "5", "summary": "Rev 5. CVSS Score change for CVE-2023-22098" } ], "status": "draft", "version": "5" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "BI Publisher Version 12.2.1.4.0", "product": { "name": "BI Publisher Version 12.2.1.4.0", "product_id": "P-1479V-12.2.1.4.0" } }, { "category": "product_version", "name": "BI Publisher Version 6.4.0.0.0", "product": { "name": "BI Publisher Version 6.4.0.0.0", "product_id": "P-1479V-6.4.0.0.0" } }, { "category": "product_version", "name": "BI Publisher Version 7.0.0.0.0", "product": { "name": "BI Publisher Version 7.0.0.0.0", "product_id": "P-1479V-7.0.0.0.0" } } ], "category": "product_name", "name": "BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 12.2.1.4.0", "product_id": "P-2025V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 6.4.0.0.0", "product_id": "P-2025V-6.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.0.0.0.0", "product_id": "P-2025V-7.0.0.0.0" } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Big Data Spatial and Graph Version 2.5 and prior", "product": { "name": "Oracle Big Data Spatial and Graph Version 2.5 and prior", "product_id": "P-11528V-2.5 and prior" } } ], "category": "product_name", "name": "Oracle Big Data Spatial and Graph" } ], "category": "product_family", "name": "Oracle Big Data Spatial and Graph" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search Version 11.3.2", "product": { "name": "Oracle Commerce Guided Search Version 11.3.2", "product_id": "P-9633V-11.3.2" } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Management Cloud Engine Version 23.1.0.0", "product": { "name": "Management Cloud Engine Version 23.1.0.0", "product_id": "P-14252V-23.1.0.0" } } ], "category": "product_name", "name": "Management Cloud Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0-23.1.7", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0-23.1.7", "product_id": "P-14121V-23.1.0-23.1.7" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0-23.1.8", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.1.0-23.1.8", "product_id": "P-14121V-23.1.0-23.1.8" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.2.0-23.2.2", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.2.0-23.2.2", "product_id": "P-14121V-23.2.0-23.2.2" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.2.0-23.2.4", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 23.2.0-23.2.4", "product_id": "P-14121V-23.2.0-23.2.4" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Binding Support Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.1.1", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.1.1", "product_id": "P-14250V-23.1.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.1.2", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.1.2", "product_id": "P-14250V-23.1.2" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 23.2.1", "product": { "name": "Oracle Communications Cloud Native Core Console Version 23.2.1", "product_id": "P-14250V-23.2.1" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.1.3", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.1.3", "product_id": "P-14122V-23.1.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 23.3.0", "product_id": "P-14122V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Exposure Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.0", "product_id": "P-14125V-23.2.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.2", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 23.2.2", "product_id": "P-14125V-23.2.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.3", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.1.3", "product_id": "P-14118V-23.1.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.2.1", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.2.1", "product_id": "P-14118V-23.2.1" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function Version 23.3.0", "product_id": "P-14118V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 23.1.0-23.1.8", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.1.0-23.1.8", "product_id": "P-14277V-23.1.0-23.1.8" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0-23.2.2", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0-23.2.2", "product_id": "P-14277V-23.2.0-23.2.2" } }, { "category": "product_version_range", "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0-23.2.4", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 23.2.0-23.2.4", "product_id": "P-14277V-23.2.0-23.2.4" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Policy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.0", "product_id": "P-14123V-23.1.0" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.3", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.1.3", "product_id": "P-14123V-23.1.3" } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 23.3.0", "product_id": "P-14123V-23.3.0" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.2", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 23.1.2", "product_id": "P-14119V-23.1.2" } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 8.6.0.0", "product_id": "P-10899V-8.6.0.0" } }, { "category": "product_version", "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product": { "name": "Oracle Communications Diameter Signaling Router Version 9.0.0.0", "product_id": "P-10899V-9.0.0.0" } } ], "category": "product_name", "name": "Oracle Communications Diameter Signaling Router" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Element Manager Version 9.0.0-9.0.2", "product": { "name": "Oracle Communications Element Manager Version 9.0.0-9.0.2", "product_id": "P-11052V-9.0.0-9.0.2" } } ], "category": "product_name", "name": "Oracle Communications Element Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Analytics Data Director Version 23.2.0", "product": { "name": "Oracle Communications Network Analytics Data Director Version 23.2.0", "product_id": "P-14547V-23.2.0" } } ], "category": "product_name", "name": "Oracle Communications Network Analytics Data Director" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Policy Management Version 12.6.0.0", "product": { "name": "Oracle Communications Policy Management Version 12.6.0.0", "product_id": "P-10900V-12.6.0.0" } } ], "category": "product_name", "name": "Oracle Communications Policy Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.2", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.2", "product_id": "P-10770V-9.0.0-9.0.2" } } ], "category": "product_name", "name": "Oracle Communications Session Report Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications WebRTC Session Controller Version 7.2.0.0.0", "product": { "name": "Oracle Communications WebRTC Session Controller Version 7.2.0.0.0", "product_id": "P-10811V-7.2.0.0.0" } }, { "category": "product_version", "name": "Oracle Communications WebRTC Session Controller Version 7.2.1.0.0", "product": { "name": "Oracle Communications WebRTC Session Controller Version 7.2.1.0.0", "product_id": "P-10811V-7.2.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications WebRTC Session Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 3.3", "product": { "name": "Oracle Enterprise Communications Broker Version 3.3", "product_id": "P-10758V-3.3" } }, { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 4.0", "product": { "name": "Oracle Enterprise Communications Broker Version 4.0", "product_id": "P-10758V-4.0" } }, { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 4.1", "product": { "name": "Oracle Enterprise Communications Broker Version 4.1", "product_id": "P-10758V-4.1" } } ], "category": "product_name", "name": "Oracle Enterprise Communications Broker" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Operations Monitor Version 5.0", "product": { "name": "Oracle Enterprise Operations Monitor Version 5.0", "product_id": "P-10762V-5.0" } }, { "category": "product_version", "name": "Oracle Enterprise Operations Monitor Version 5.1", "product": { "name": "Oracle Enterprise Operations Monitor Version 5.1", "product_id": "P-10762V-5.1" } } ], "category": "product_name", "name": "Oracle Enterprise Operations Monitor" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Enterprise Session Border Controller Version 9.0-9.2", "product": { "name": "Oracle Enterprise Session Border Controller Version 9.0-9.2", "product_id": "P-10757V-9.0-9.2" } } ], "category": "product_name", "name": "Oracle Enterprise Session Border Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle SD-WAN Edge Version 9.1.1.5.0", "product": { "name": "Oracle SD-WAN Edge Version 9.1.1.5.0", "product_id": "P-13940V-9.1.1.5.0" } }, { "category": "product_version", "name": "Oracle SD-WAN Edge Version 9.1.1.6.0", "product": { "name": "Oracle SD-WAN Edge Version 9.1.1.6.0", "product_id": "P-13940V-9.1.1.6.0" } } ], "category": "product_name", "name": "Oracle SD-WAN Edge" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 12.0.0.4-12.0.0.8", "product_id": "P-9742V-12.0.0.4-12.0.0.8" } } ], "category": "product_name", "name": "Oracle Communications BRM - Elastic Charging Engine" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0", "product": { "name": "Oracle Communications Convergent Charging Controller Version 12.0.6.0", "product_id": "P-12985V-12.0.6.0" } } ], "category": "product_name", "name": "Oracle Communications Convergent Charging Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications IP Service Activator Version 7.4.0", "product": { "name": "Oracle Communications IP Service Activator Version 7.4.0", "product_id": "P-2261V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications IP Service Activator Version 7.5.0", "product": { "name": "Oracle Communications IP Service Activator Version 7.5.0", "product_id": "P-2261V-7.5.0" } } ], "category": "product_name", "name": "Oracle Communications IP Service Activator" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications MetaSolv Solution Version 6.3.1.0.0", "product": { "name": "Oracle Communications MetaSolv Solution Version 6.3.1.0.0", "product_id": "P-2267V-6.3.1.0.0" } } ], "category": "product_name", "name": "Oracle Communications MetaSolv Solution" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Charging and Control Version 12.0.6.0", "product": { "name": "Oracle Communications Network Charging and Control Version 12.0.6.0", "product_id": "P-4623V-12.0.6.0" } } ], "category": "product_name", "name": "Oracle Communications Network Charging and Control" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.0", "product_id": "P-2270V-7.4.0" } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.4.1", "product": { "name": "Oracle Communications Order and Service Management Version 7.4.1", "product_id": "P-2270V-7.4.1" } } ], "category": "product_name", "name": "Oracle Communications Order and Service Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.17", "product": { "name": "Oracle Communications Unified Assurance Version 5.5.0-5.5.17", "product_id": "P-14597V-5.5.0-5.5.17" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.2", "product": { "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.2", "product_id": "P-14597V-6.0.0-6.0.2" } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.3", "product": { "name": "Oracle Communications Unified Assurance Version 6.0.0-6.0.3", "product_id": "P-14597V-6.0.0-6.0.3" } } ], "category": "product_name", "name": "Oracle Communications Unified Assurance" } ], "category": "product_family", "name": "Oracle Communications Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera Gateway Version 19.12.0-19.12.17", "product": { "name": "Primavera Gateway Version 19.12.0-19.12.17", "product_id": "P-10605V-19.12.0-19.12.17" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 20.12.0-20.12.12", "product": { "name": "Primavera Gateway Version 20.12.0-20.12.12", "product_id": "P-10605V-20.12.0-20.12.12" } }, { "category": "product_version_range", "name": "Primavera Gateway Version 21.12.0-21.12.10", "product": { "name": "Primavera Gateway Version 21.12.0-21.12.10", "product_id": "P-10605V-21.12.0-21.12.10" } } ], "category": "product_name", "name": "Primavera Gateway" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 19.12.0-19.12.16", "product": { "name": "Primavera Unifier Version 19.12.0-19.12.16", "product_id": "P-10354V-19.12.0-19.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 20.12.0-20.12.16", "product": { "name": "Primavera Unifier Version 20.12.0-20.12.16", "product_id": "P-10354V-20.12.0-20.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.16", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.16", "product_id": "P-10354V-21.12.0-21.12.16" } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.9", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.9", "product_id": "P-10354V-22.12.0-22.12.9" } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Database Server(Database Core) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Database Core) Version 19.3-19.20", "product_id": "P-5(Database Core)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.20", "product_id": "P-5(Java VM)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 19.3-19.20", "product_id": "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Recovery Manager) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Oracle Database Recovery Manager) Version 19.3-19.20", "product_id": "P-5(Oracle Database Recovery Manager)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Sharding) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Oracle Database Sharding) Version 19.3-19.20", "product_id": "P-5(Oracle Database Sharding)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Notification Server) Version 19.3-19.20", "product": { "name": "Oracle Database Server(Oracle Notification Server) Version 19.3-19.20", "product_id": "P-5(Oracle Notification Server)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 19.3-19.20", "product": { "name": "Oracle Database Server(SQLcl) Version 19.3-19.20", "product_id": "P-5(SQLcl)V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Database Server(Database Core) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Database Core) Version 21.3-21.11", "product_id": "P-5(Database Core)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.11", "product_id": "P-5(Java VM)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(OML4Py) Version 21.3-21.11", "product": { "name": "Oracle Database Server(OML4Py) Version 21.3-21.11", "product_id": "P-5(OML4Py)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Oracle Database Fleet Patching and Provisioning) Version 21.3-21.11", "product_id": "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Recovery Manager) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Oracle Database Recovery Manager) Version 21.3-21.11", "product_id": "P-5(Oracle Database Recovery Manager)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Sharding) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Oracle Database Sharding) Version 21.3-21.11", "product_id": "P-5(Oracle Database Sharding)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Oracle Database Workload Manager) Version 21.3-21.11", "product_id": "P-5(Oracle Database Workload Manager)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(Oracle Notification Server) Version 21.3-21.11", "product": { "name": "Oracle Database Server(Oracle Notification Server) Version 21.3-21.11", "product_id": "P-5(Oracle Notification Server)V-21.3-21.11" } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 21.3-21.11", "product": { "name": "Oracle Database Server(SQLcl) Version 21.3-21.11", "product_id": "P-5(SQLcl)V-21.3-21.11" } } ], "category": "product_name", "name": "Oracle Database Server" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Spatial and Graph Version 19.3-19.20", "product": { "name": "Oracle Spatial and Graph Version 19.3-19.20", "product_id": "P-619V-19.3-19.20" } }, { "category": "product_version_range", "name": "Oracle Spatial and Graph Version 21.3-21.11", "product": { "name": "Oracle Spatial and Graph Version 21.3-21.11", "product_id": "P-619V-21.3-21.11" } } ], "category": "product_name", "name": "Oracle Spatial and Graph" }, { "branches": [ { "category": "product_version_range", "name": "PL/SQL Version 19.3-19.20", "product": { "name": "PL/SQL Version 19.3-19.20", "product_id": "P-11V-19.3-19.20" } }, { "category": "product_version_range", "name": "PL/SQL Version 21.3-21.11", "product": { "name": "PL/SQL Version 21.3-21.11", "product_id": "P-11V-21.3-21.11" } } ], "category": "product_name", "name": "PL/SQL" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Framework Version 12.2.3-12.2.12", "product": { "name": "Oracle Applications Framework Version 12.2.3-12.2.12", "product_id": "P-1472V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle Applications Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Command Center Framework Version 10", "product": { "name": "Oracle Enterprise Command Center Framework Version 10", "product_id": "P-13788V-10" } }, { "category": "product_version", "name": "Oracle Enterprise Command Center Framework Version 9", "product": { "name": "Oracle Enterprise Command Center Framework Version 9", "product_id": "P-13788V-9" } }, { "category": "product_version", "name": "Oracle Enterprise Command Center Framework Version ECC: 8", "product": { "name": "Oracle Enterprise Command Center Framework Version ECC: 8", "product_id": "P-13788V-ECC: 8" } } ], "category": "product_name", "name": "Oracle Enterprise Command Center Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iRecruitment Version 12.2.3-12.2.12", "product": { "name": "Oracle iRecruitment Version 12.2.3-12.2.12", "product_id": "P-1193V-12.2.3-12.2.12" } } ], "category": "product_name", "name": "Oracle iRecruitment" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1" } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product": { "name": "Oracle Enterprise Manager Base Platform Version 13.5.0.0", "product_id": "P-1370V-13.5.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Base Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product": { "name": "Oracle Enterprise Manager Ops Center Version 12.4.0.0", "product_id": "P-9835V-12.4.0.0" } } ], "category": "product_name", "name": "Oracle Enterprise Manager Ops Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Peoplesoft Version 13.5.1.1", "product": { "name": "Oracle Enterprise Manager for Peoplesoft Version 13.5.1.1", "product_id": "P-2131V-13.5.1.1" } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Peoplesoft" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.5.0.0.0", "product": { "name": "Oracle Essbase Version 21.5.0.0.0", "product_id": "P-4379V-21.5.0.0.0" } } ], "category": "product_name", "name": "Oracle Essbase" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Banking APIs Version 18.3", "product": { "name": "Oracle Banking APIs Version 18.3", "product_id": "P-13676V-18.3" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 19.1", "product": { "name": "Oracle Banking APIs Version 19.1", "product_id": "P-13676V-19.1" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 19.2", "product": { "name": "Oracle Banking APIs Version 19.2", "product_id": "P-13676V-19.2" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 21.1", "product": { "name": "Oracle Banking APIs Version 21.1", "product_id": "P-13676V-21.1" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.1", "product": { "name": "Oracle Banking APIs Version 22.1", "product_id": "P-13676V-22.1" } }, { "category": "product_version", "name": "Oracle Banking APIs Version 22.2", "product": { "name": "Oracle Banking APIs Version 22.2", "product_id": "P-13676V-22.2" } } ], "category": "product_name", "name": "Oracle Banking APIs" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Branch Version 14.5-14.7", "product": { "name": "Oracle Banking Branch Version 14.5-14.7", "product_id": "P-14324V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Branch" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Cash Management Version 14.5-14.7", "product": { "name": "Oracle Banking Cash Management Version 14.5-14.7", "product_id": "P-14195V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Cash Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Version 14.0-14.3", "product": { "name": "Oracle Banking Corporate Lending Version 14.0-14.3", "product_id": "P-12989V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Version 14.5-14.7", "product": { "name": "Oracle Banking Corporate Lending Version 14.5-14.7", "product_id": "P-12989V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Process Management Version 14.5-14.7", "product": { "name": "Oracle Banking Corporate Lending Process Management Version 14.5-14.7", "product_id": "P-13701V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Credit Facilities Process Management Version 14.5-14.7", "product": { "name": "Oracle Banking Credit Facilities Process Management Version 14.5-14.7", "product_id": "P-13703V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Credit Facilities Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.12", "product": { "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.12", "product_id": "P-13928V-2.12" } }, { "category": "product_version", "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.7", "product": { "name": "Oracle Banking Deposits and Lines of Credit Servicing Version 2.7", "product_id": "P-13928V-2.7" } } ], "category": "product_name", "name": "Oracle Banking Deposits and Lines of Credit Servicing" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Digital Experience Version 18.3", "product": { "name": "Oracle Banking Digital Experience Version 18.3", "product_id": "P-12605V-18.3" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.1", "product": { "name": "Oracle Banking Digital Experience Version 19.1", "product_id": "P-12605V-19.1" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 19.2", "product": { "name": "Oracle Banking Digital Experience Version 19.2", "product_id": "P-12605V-19.2" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 21.1", "product": { "name": "Oracle Banking Digital Experience Version 21.1", "product_id": "P-12605V-21.1" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.1", "product": { "name": "Oracle Banking Digital Experience Version 22.1", "product_id": "P-12605V-22.1" } }, { "category": "product_version", "name": "Oracle Banking Digital Experience Version 22.2", "product": { "name": "Oracle Banking Digital Experience Version 22.2", "product_id": "P-12605V-22.2" } } ], "category": "product_name", "name": "Oracle Banking Digital Experience" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Electronic Data Exchange for Corporates Version 14.5-14.7", "product": { "name": "Oracle Banking Electronic Data Exchange for Corporates Version 14.5-14.7", "product_id": "P-14393V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Electronic Data Exchange for Corporates" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Liquidity Management Version 14.5-14.7", "product": { "name": "Oracle Banking Liquidity Management Version 14.5-14.7", "product_id": "P-13304V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Loans Servicing Version 2.12", "product": { "name": "Oracle Banking Loans Servicing Version 2.12", "product_id": "P-13927V-2.12" } } ], "category": "product_name", "name": "Oracle Banking Loans Servicing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.5-14.7", "product": { "name": "Oracle Banking Origination Version 14.5-14.7", "product_id": "P-14325V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Party Management Version 2.7", "product": { "name": "Oracle Banking Party Management Version 2.7", "product_id": "P-13929V-2.7" } } ], "category": "product_name", "name": "Oracle Banking Party Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Payments Version 14.0-14.3", "product": { "name": "Oracle Banking Payments Version 14.0-14.3", "product_id": "P-13011V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle Banking Payments Version 14.5-14.7", "product": { "name": "Oracle Banking Payments Version 14.5-14.7", "product_id": "P-13011V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Payments" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Platform Version 2.6.2", "product": { "name": "Oracle Banking Platform Version 2.6.2", "product_id": "P-9178V-2.6.2" } }, { "category": "product_version", "name": "Oracle Banking Platform Version 2.9.0", "product": { "name": "Oracle Banking Platform Version 2.9.0", "product_id": "P-9178V-2.9.0" } } ], "category": "product_name", "name": "Oracle Banking Platform" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Supply Chain Finance Version 14.5-14.7", "product": { "name": "Oracle Banking Supply Chain Finance Version 14.5-14.7", "product_id": "P-13872V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Supply Chain Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Version 14.5-14.7", "product": { "name": "Oracle Banking Trade Finance Version 14.5-14.7", "product_id": "P-14134V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Trade Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Process Management Version 14.5-14.7", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.5-14.7", "product_id": "P-13718V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Trade Finance Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management Version 14.5-14.7", "product": { "name": "Oracle Banking Virtual Account Management Version 14.5-14.7", "product_id": "P-13487V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle Banking Virtual Account Management" }, { "branches": [ { "category": "product_version", "name": "Oracle FLEXCUBE Core Banking Version 11.10", "product": { "name": "Oracle FLEXCUBE Core Banking Version 11.10", "product_id": "P-9101V-11.10" } }, { "category": "product_version", "name": "Oracle FLEXCUBE Core Banking Version 11.11", "product": { "name": "Oracle FLEXCUBE Core Banking Version 11.11", "product_id": "P-9101V-11.11" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Core Banking Version 11.6-11.8", "product": { "name": "Oracle FLEXCUBE Core Banking Version 11.6-11.8", "product_id": "P-9101V-11.6-11.8" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Core Banking" }, { "branches": [ { "category": "product_version", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 12.3", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 12.3", "product_id": "P-9100V-12.3" } }, { "category": "product_version", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 12.4", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 12.4", "product_id": "P-9100V-12.4" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.0-14.3", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.0-14.3", "product_id": "P-9100V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5-14.7", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5-14.7", "product_id": "P-9100V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management" }, { "branches": [ { "category": "product_version", "name": "Oracle FLEXCUBE Universal Banking Version 12.3", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 12.3", "product_id": "P-9052V-12.3" } }, { "category": "product_version", "name": "Oracle FLEXCUBE Universal Banking Version 12.4", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 12.4", "product_id": "P-9052V-12.4" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Universal Banking Version 14.0-14.3", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 14.0-14.3", "product_id": "P-9052V-14.0-14.3" } }, { "category": "product_version_range", "name": "Oracle FLEXCUBE Universal Banking Version 14.5-14.7", "product": { "name": "Oracle FLEXCUBE Universal Banking Version 14.5-14.7", "product_id": "P-9052V-14.5-14.7" } } ], "category": "product_name", "name": "Oracle FLEXCUBE Universal Banking" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Cash Flow Engine Version 8.1.2.0.0", "product": { "name": "Oracle Financial Services Cash Flow Engine Version 8.1.2.0.0", "product_id": "P-14105V-8.1.2.0.0" } } ], "category": "product_name", "name": "Oracle Financial Services Cash Flow Engine" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.3", "product": { "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.3", "product_id": "P-14276V-8.1.2.3" } }, { "category": "product_version", "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.4", "product": { "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.4", "product_id": "P-14276V-8.1.2.4" } } ], "category": "product_name", "name": "Oracle Financial Services Model Management and Governance" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 12.2.1.4.0", "product": { "name": "Oracle Access Manager Version 12.2.1.4.0", "product_id": "P-5565V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product": { "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product_id": "P-5325V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Business Process Management Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Coherence Version 12.2.1.4.0", "product": { "name": "Oracle Coherence Version 12.2.1.4.0", "product_id": "P-2545V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle Coherence Version 14.1.1.0.0", "product": { "name": "Oracle Coherence Version 14.1.1.0.0", "product_id": "P-2545V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle Coherence" }, { "branches": [ { "category": "product_version", "name": "Oracle Data Integrator Version 12.2.1.4.0", "product": { "name": "Oracle Data Integrator Version 12.2.1.4.0", "product_id": "P-2196V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product": { "name": "Oracle Enterprise Data Quality Version 12.2.1.4.0", "product_id": "P-9464V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Enterprise Data Quality" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware MapViewer Version 12.2.1.4.0", "product_id": "P-1215V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Fusion Middleware MapViewer" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server Version 12.2.1.4.0", "product_id": "P-1042V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Version 12.2.1.4.0", "product_id": "P-1980V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Identity Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product": { "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product_id": "P-10198V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Managed File Transfer" }, { "branches": [ { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product_id": "P-4647V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Middleware Common Libraries and Tools" }, { "branches": [ { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.6", "product": { "name": "Oracle Outside In Technology Version 8.5.6", "product_id": "P-2276V-8.5.6" } } ], "category": "product_name", "name": "Oracle Outside In Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Service Bus Version 12.2.1.4.0", "product": { "name": "Oracle Service Bus Version 12.2.1.4.0", "product_id": "P-5308V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Service Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle Unified Directory Version 12.2.1.4.0", "product": { "name": "Oracle Unified Directory Version 12.2.1.4.0", "product_id": "P-9118V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle Unified Directory" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Content Version 12.2.1.4.0", "product_id": "P-2271V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Content" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Portal Version 12.2.1.4.0", "product_id": "P-1696V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle WebCenter Portal" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.3.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.3.0", "product_id": "P-5242V-12.2.1.3.0" } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0" } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0" } } ], "category": "product_name", "name": "Oracle WebLogic Server" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.38", "product": { "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.38", "product_id": "P-12753V-Prior to 12.2.0.1.38" } }, { "category": "product_version_range", "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.40", "product": { "name": "Oracle Global Lifecycle Management OPatch Version Prior to 12.2.0.1.40", "product_id": "P-12753V-Prior to 12.2.0.1.40" } } ], "category": "product_name", "name": "Oracle Global Lifecycle Management OPatch" } ], "category": "product_family", "name": "Oracle Global Lifecycle Management" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "GoldenGate Big Data Version 21.3-21.10", "product": { "name": "GoldenGate Big Data Version 21.3-21.10", "product_id": "P-5760V-21.3-21.10" } } ], "category": "product_name", "name": "GoldenGate Big Data" }, { "branches": [ { "category": "product_version_range", "name": "GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.230922", "product": { "name": "GoldenGate Veridata Version 12.2.1.4.0-12.2.1.4.230922", "product_id": "P-5758V-12.2.1.4.0-12.2.1.4.230922" } } ], "category": "product_name", "name": "GoldenGate Veridata" }, { "branches": [ { "category": "product_version", "name": "Oracle GoldenGate Studio Version 12.2.1.4.0", "product": { "name": "Oracle GoldenGate Studio Version 12.2.1.4.0", "product_id": "P-10945V-12.2.1.4.0" } } ], "category": "product_name", "name": "Oracle GoldenGate Studio" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Graph Server and Client Version 22.4.4 and prior", "product": { "name": "Graph Server and Client Version 22.4.4 and prior", "product_id": "P-14069V-22.4.4 and prior" } } ], "category": "product_name", "name": "Graph Server and Client" } ], "category": "product_family", "name": "Oracle Graph Server and Client" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Life Sciences InForm Version 7.0.0.0", "product": { "name": "Oracle Life Sciences InForm Version 7.0.0.0", "product_id": "P-9636V-7.0.0.0" } } ], "category": "product_name", "name": "Oracle Life Sciences InForm" }, { "branches": [ { "category": "product_version", "name": "Oracle Life Sciences InForm Publisher Version 6.3.1.0", "product": { "name": "Oracle Life Sciences InForm Publisher Version 6.3.1.0", "product_id": "P-9638V-6.3.1.0" } } ], "category": "product_name", "name": "Oracle Life Sciences InForm Publisher" } ], "category": "product_family", "name": "Oracle Health Sciences Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Healthcare Master Person Index Version 5.0.0-5.0.6", "product": { "name": "Oracle Healthcare Master Person Index Version 5.0.0-5.0.6", "product_id": "P-8575V-5.0.0-5.0.6" } } ], "category": "product_name", "name": "Oracle Healthcare Master Person Index" } ], "category": "product_family", "name": "Oracle HealthCare Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Hospitality OPERA 5 Property Services Version 5.6", "product": { "name": "Hospitality OPERA 5 Property Services Version 5.6", "product_id": "P-11580V-5.6" } } ], "category": "product_name", "name": "Hospitality OPERA 5 Property Services" } ], "category": "product_family", "name": "Oracle Hospitality Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Infrastructure Technology Version 11.2.14.0.000", "product": { "name": "Oracle Hyperion Infrastructure Technology Version 11.2.14.0.000", "product_id": "P-4392V-11.2.14.0.000" } } ], "category": "product_name", "name": "Oracle Hyperion Infrastructure Technology" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Documaker Version 12.6.4-12.7.1", "product": { "name": "Oracle Documaker Version 12.6.4-12.7.1", "product_id": "P-5477V-12.6.4-12.7.1" } } ], "category": "product_name", "name": "Oracle Documaker" } ], "category": "product_family", "name": "Oracle Insurance Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "JD Edwards EnterpriseOne Tools Version 9.2.7", "product": { "name": "JD Edwards EnterpriseOne Tools Version 9.2.7", "product_id": "P-4781V-9.2.7" } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Tools" } ], "category": "product_family", "name": "Oracle JD Edwards" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.11", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:20.3.11", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:20.3.11" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.7", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:21.3.7", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:21.3.7" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.3", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM Enterprise Edition:22.3.3", "product_id": "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.8", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:17.0.8", "product_id": "P-13497V-Oracle GraalVM for JDK:17.0.8" } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21", "product": { "name": "Oracle GraalVM for JDK Version Oracle GraalVM for JDK:21", "product_id": "P-13497V-Oracle GraalVM for JDK:21" } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.11", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:20.3.11", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.7", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:21.3.7", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:21.3.7" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.3", "product": { "name": "Oracle Java SE Version Oracle GraalVM Enterprise Edition:22.3.3", "product_id": "P-856V-Oracle GraalVM Enterprise Edition:22.3.3" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.8", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:17.0.8", "product_id": "P-856V-Oracle GraalVM for JDK:17.0.8" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle GraalVM for JDK:21", "product": { "name": "Oracle Java SE Version Oracle GraalVM for JDK:21", "product_id": "P-856V-Oracle GraalVM for JDK:21" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:11.0.20", "product": { "name": "Oracle Java SE Version Oracle Java SE:11.0.20", "product_id": "P-856V-Oracle Java SE:11.0.20" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:17.0.8", "product": { "name": "Oracle Java SE Version Oracle Java SE:17.0.8", "product_id": "P-856V-Oracle Java SE:17.0.8" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:21", "product": { "name": "Oracle Java SE Version Oracle Java SE:21", "product_id": "P-856V-Oracle Java SE:21" } }, { "category": "product_version", "name": "Oracle Java SE Version Oracle Java SE:8u381", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u381", "product_id": "P-856V-Oracle Java SE:8u381" } }, { "category": "product_version_range", "name": "Oracle Java SE Version Oracle Java SE:8u381-perf", "product": { "name": "Oracle Java SE Version Oracle Java SE:8u381-perf", "product_id": "P-856V-Oracle Java SE:8u381-perf" } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.34 and prior", "product": { "name": "MySQL Cluster Version 8.0.34 and prior", "product_id": "P-8479V-8.0.34 and prior" } }, { "category": "product_version", "name": "MySQL Cluster Version 8.1.0", "product": { "name": "MySQL Cluster Version 8.1.0", "product_id": "P-8479V-8.1.0" } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors(Connector/C++) Version 8.1.0 and prior", "product": { "name": "MySQL Connectors(Connector/C++) Version 8.1.0 and prior", "product_id": "P-8576(Connector/C++)V-8.1.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 8.1.0 and prior", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 8.1.0 and prior", "product_id": "P-8576(Connector/ODBC)V-8.1.0 and prior" } }, { "category": "product_version_range", "name": "MySQL Connectors Version 8.1.0 and prior", "product": { "name": "MySQL Connectors Version 8.1.0 and prior", "product_id": "P-8576V-8.1.0 and prior" } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Monitor Version 8.0.34 and prior", "product": { "name": "MySQL Enterprise Monitor Version 8.0.34 and prior", "product_id": "P-8480V-8.0.34 and prior" } }, { "category": "product_version_range", "name": "MySQL Enterprise Monitor Version 8.0.35 and prior", "product": { "name": "MySQL Enterprise Monitor Version 8.0.35 and prior", "product_id": "P-8480V-8.0.35 and prior" } } ], "category": "product_name", "name": "MySQL Enterprise Monitor" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Installer Version Prior to 1.6.8", "product": { "name": "MySQL Installer Version Prior to 1.6.8", "product_id": "P-9536V-Prior to 1.6.8" } } ], "category": "product_name", "name": "MySQL Installer" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server Version 5.7.39 and prior", "product": { "name": "MySQL Server Version 5.7.39 and prior", "product_id": "P-8478V-5.7.39 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 5.7.42 and prior", "product": { "name": "MySQL Server Version 5.7.42 and prior", "product_id": "P-8478V-5.7.42 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 5.7.43 and prior", "product": { "name": "MySQL Server Version 5.7.43 and prior", "product_id": "P-8478V-5.7.43 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.30 and prior", "product": { "name": "MySQL Server Version 8.0.30 and prior", "product_id": "P-8478V-8.0.30 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.31 and prior", "product": { "name": "MySQL Server Version 8.0.31 and prior", "product_id": "P-8478V-8.0.31 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.32 and prior", "product": { "name": "MySQL Server Version 8.0.32 and prior", "product_id": "P-8478V-8.0.32 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.33 and prior", "product": { "name": "MySQL Server Version 8.0.33 and prior", "product_id": "P-8478V-8.0.33 and prior" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.0.34 and prior", "product": { "name": "MySQL Server Version 8.0.34 and prior", "product_id": "P-8478V-8.0.34 and prior" } }, { "category": "product_version", "name": "MySQL Server Version 8.1.0", "product": { "name": "MySQL Server Version 8.1.0", "product_id": "P-8478V-8.1.0" } }, { "category": "product_version_range", "name": "MySQL Server Version 8.1.0 and prior", "product": { "name": "MySQL Server Version 8.1.0 and prior", "product_id": "P-8478V-8.1.0 and prior" } } ], "category": "product_name", "name": "MySQL Server" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Shell Version 8.1.1 and prior", "product": { "name": "MySQL Shell Version 8.1.1 and prior", "product_id": "P-8478V-8.1.1 and prior" } } ], "category": "product_name", "name": "MySQL Shell" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product": { "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product_id": "P-8911V-9.2" } } ], "category": "product_name", "name": "PeopleSoft Enterprise CC Common Application Objects" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Global Payroll Switzerland Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Global Payroll Switzerland Version 9.2", "product_id": "P-5068V-9.2" } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Global Payroll Switzerland" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.59", "product_id": "P-5085V-8.59" } }, { "category": "product_version", "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.60", "product_id": "P-5085V-8.60" } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle REST Data Services Version Prior to 23.2.2", "product": { "name": "Oracle REST Data Services Version Prior to 23.2.2", "product_id": "P-9456V-Prior to 23.2.2" } } ], "category": "product_name", "name": "Oracle REST Data Services" } ], "category": "product_family", "name": "Oracle REST Data Services" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product": { "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product_id": "P-12968V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product": { "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product_id": "P-12968V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Bulk Data Integration" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Customer Management and Segmentation Foundation Version 18.0.0.13", "product": { "name": "Oracle Retail Customer Management and Segmentation Foundation Version 18.0.0.13", "product_id": "P-13388V-18.0.0.13" } }, { "category": "product_version", "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.7", "product": { "name": "Oracle Retail Customer Management and Segmentation Foundation Version 19.0.0.7", "product_id": "P-13388V-19.0.0.7" } } ], "category": "product_name", "name": "Oracle Retail Customer Management and Segmentation Foundation" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail EFTLink Version 20.0.1", "product": { "name": "Oracle Retail EFTLink Version 20.0.1", "product_id": "P-11516V-20.0.1" } }, { "category": "product_version", "name": "Oracle Retail EFTLink Version 21.0.0", "product": { "name": "Oracle Retail EFTLink Version 21.0.0", "product_id": "P-11516V-21.0.0" } }, { "category": "product_version", "name": "Oracle Retail EFTLink Version 22.0.0", "product": { "name": "Oracle Retail EFTLink Version 22.0.0", "product_id": "P-11516V-22.0.0" } } ], "category": "product_name", "name": "Oracle Retail EFTLink" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Financial Integration Version 14.1.3.2", "product": { "name": "Oracle Retail Financial Integration Version 14.1.3.2", "product_id": "P-10722V-14.1.3.2" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 15.0.3.1", "product": { "name": "Oracle Retail Financial Integration Version 15.0.3.1", "product_id": "P-10722V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 16.0.3", "product": { "name": "Oracle Retail Financial Integration Version 16.0.3", "product_id": "P-10722V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 19.0.1", "product": { "name": "Oracle Retail Financial Integration Version 19.0.1", "product_id": "P-10722V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Financial Integration" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Fiscal Management Version 14.2", "product": { "name": "Oracle Retail Fiscal Management Version 14.2", "product_id": "P-9038V-14.2" } } ], "category": "product_name", "name": "Oracle Retail Fiscal Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Integration Bus Version 14.1.3.2", "product": { "name": "Oracle Retail Integration Bus Version 14.1.3.2", "product_id": "P-1807V-14.1.3.2" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 15.0.3.1", "product": { "name": "Oracle Retail Integration Bus Version 15.0.3.1", "product_id": "P-1807V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 16.0.3", "product": { "name": "Oracle Retail Integration Bus Version 16.0.3", "product_id": "P-1807V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 19.0.1", "product": { "name": "Oracle Retail Integration Bus Version 19.0.1", "product_id": "P-1807V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Integration Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Merchandising System Version 19.0.1", "product": { "name": "Oracle Retail Merchandising System Version 19.0.1", "product_id": "P-1816V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Merchandising System" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Service Backbone Version 14.1.3.2", "product": { "name": "Oracle Retail Service Backbone Version 14.1.3.2", "product_id": "P-10867V-14.1.3.2" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 15.0.3.1", "product": { "name": "Oracle Retail Service Backbone Version 15.0.3.1", "product_id": "P-10867V-15.0.3.1" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 16.0.3", "product": { "name": "Oracle Retail Service Backbone Version 16.0.3", "product_id": "P-10867V-16.0.3" } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 19.0.1", "product": { "name": "Oracle Retail Service Backbone Version 19.0.1", "product_id": "P-10867V-19.0.1" } } ], "category": "product_name", "name": "Oracle Retail Service Backbone" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 18.0.5", "product": { "name": "Oracle Retail Xstore Point of Service Version 18.0.5", "product_id": "P-11513V-18.0.5" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 19.0.4", "product": { "name": "Oracle Retail Xstore Point of Service Version 19.0.4", "product_id": "P-11513V-19.0.4" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 20.0.3", "product": { "name": "Oracle Retail Xstore Point of Service Version 20.0.3", "product_id": "P-11513V-20.0.3" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 21.0.2", "product": { "name": "Oracle Retail Xstore Point of Service Version 21.0.2", "product_id": "P-11513V-21.0.2" } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 22.0.0", "product": { "name": "Oracle Retail Xstore Point of Service Version 22.0.0", "product_id": "P-11513V-22.0.0" } } ], "category": "product_name", "name": "Oracle Retail Xstore Point of Service" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.1.0", "product": { "name": "Oracle Secure Backup Version 18.1.0.1.0", "product_id": "P-1522V-18.1.0.1.0" } }, { "category": "product_version", "name": "Oracle Secure Backup Version 18.1.0.2.0", "product": { "name": "Oracle Secure Backup Version 18.1.0.2.0", "product_id": "P-1522V-18.1.0.2.0" } } ], "category": "product_name", "name": "Oracle Secure Backup" } ], "category": "product_family", "name": "Oracle Secure Backup" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel Apps Version 23.8 and prior", "product": { "name": "Siebel Apps Version 23.8 and prior", "product_id": "P-8974V-23.8 and prior" } } ], "category": "product_name", "name": "Siebel Apps" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Version 23.8 and prior", "product": { "name": "Siebel CRM Version 23.8 and prior", "product_id": "P-9008V-23.8 and prior" } } ], "category": "product_name", "name": "Siebel CRM" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Agile PLM Version 9.3.6", "product": { "name": "Oracle Agile PLM Version 9.3.6", "product_id": "P-4461V-9.3.6" } } ], "category": "product_name", "name": "Oracle Agile PLM" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 10", "product": { "name": "Oracle Solaris Version 10", "product_id": "P-10006V-10" } }, { "category": "product_version", "name": "Oracle Solaris Version 11", "product": { "name": "Oracle Solaris Version 11", "product_id": "P-10006V-11" } } ], "category": "product_name", "name": "Oracle Solaris" }, { "branches": [ { "category": "product_version", "name": "Sun ZFS Storage Appliance Version 8.8.60", "product": { "name": "Sun ZFS Storage Appliance Version 8.8.60", "product_id": "P-10026V-8.8.60" } } ], "category": "product_name", "name": "Sun ZFS Storage Appliance" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "TimesTen In-Memory Database Version Prior to 18.1.4.38.0", "product": { "name": "TimesTen In-Memory Database Version Prior to 18.1.4.38.0", "product_id": "P-1870V-Prior to 18.1.4.38.0" } }, { "category": "product_version_range", "name": "TimesTen In-Memory Database Version Prior to 18.1.4.39.0", "product": { "name": "TimesTen In-Memory Database Version Prior to 18.1.4.39.0", "product_id": "P-1870V-Prior to 18.1.4.39.0" } }, { "category": "product_version_range", "name": "TimesTen In-Memory Database Version Prior to 22.1.1.18.0", "product": { "name": "TimesTen In-Memory Database Version Prior to 22.1.1.18.0", "product_id": "P-1870V-Prior to 22.1.1.18.0" } } ], "category": "product_name", "name": "TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.2.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.2.0.3.0", "product_id": "P-2245V-4.2.0.3.0" } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.1.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.1.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.1.0-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.3.0.5.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.5.0", "product_id": "P-2245V-4.3.0.5.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.6.0", "product_id": "P-2245V-4.3.0.6.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0", "product_id": "P-2245V-4.4.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.2.0", "product_id": "P-2245V-4.4.0.2.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.3.0", "product_id": "P-2245V-4.4.0.3.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.0", "product_id": "P-2245V-4.5.0.0.0" } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 4.5.0.0.1", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.1", "product_id": "P-2245V-4.5.0.0.1" } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.5.0.1.0- 4.5.0.1.2", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.1.0- 4.5.0.1.2", "product_id": "P-2245V-4.5.0.1.0- 4.5.0.1.2" } } ], "category": "product_name", "name": "Oracle Utilities Application Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product": { "name": "Oracle Utilities Network Management System Version 2.3.0.2", "product_id": "P-2241V-2.3.0.2" } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product": { "name": "Oracle Utilities Network Management System Version 2.4.0.1", "product_id": "P-2241V-2.4.0.1" } } ], "category": "product_name", "name": "Oracle Utilities Network Management System" } ], "category": "product_family", "name": "Oracle Utilities Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle VM VirtualBox Version Prior to 7.0.12", "product": { "name": "Oracle VM VirtualBox Version Prior to 7.0.12", "product_id": "P-8370V-Prior to 7.0.12" } } ], "category": "product_name", "name": "Oracle VM VirtualBox" } ], "category": "product_family", "name": "Oracle Virtualization" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-10086", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35493990" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "35317518" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35251397" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: ADF UCM Application (Apache Commons BeanUtils)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Content. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2271V-12.2.1.4.0", "P-2025V-12.2.1.4.0", "P-1980V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0", "P-2271V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-1980V-12.2.1.4.0", "P-2271V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-11358", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991831" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQuery)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2019-17498", "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences InForm", "text": "35659616" }, { "system_name": "Oracle Bug ID of Oracle Life Sciences InForm Publisher", "text": "34595764" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Life Sciences InForm Publisher product of Oracle Health Sciences Applications (component: Publishing (libssh2)). The supported version that is affected is 6.3.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Life Sciences InForm Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Life Sciences InForm Publisher accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences InForm Publisher. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: InForm Publisher (libssh2)). The supported version that is affected is 7.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Life Sciences InForm accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Life Sciences InForm. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9638V-6.3.1.0", "P-9636V-7.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9638V-6.3.1.0", "P-9636V-7.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978194.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-9638V-6.3.1.0", "P-9636V-7.0.0.0" ] } ] }, { "cve": "CVE-2019-20907", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35702678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Python)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2019-20916", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35702678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Python)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2020-11022", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991831" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQuery)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-11023", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991831" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQuery)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2020-11988", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35160153" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Presentation Services (Apache XmlGraphics Commons)). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-13956", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "34396257" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35624521" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Deployment SEC (Apache HttpClient)). The supported version that is affected is 9.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache HttpClient)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-4781V-9.2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978445.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-4781V-9.2.7", "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2020-1953", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369821" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Content Storage Service (Apache Commons Configuration)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-25649", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462334" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (jackson-databind) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ] }, { "cve": "CVE-2020-28493", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35405142" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Avro)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2020-29582", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844132" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (JetBrains Kotlin)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2020-36518", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462334" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34595317" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management (jackson-databind)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (jackson-databind) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ] }, { "cve": "CVE-2020-7760", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35514306" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Diameter Custom Application (CodeMirror)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2020-9492", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2021-24031", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35646719" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Database Core (Zstandard) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ] }, { "cve": "CVE-2021-28165", "ids": [ { "system_name": "Oracle Bug ID of Oracle Unified Directory", "text": "35358723" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: OUD Core (Eclipse Jetty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Unified Directory. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Unified Directory. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9118V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9118V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9118V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-33036", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2021-36373", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "33176678" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34469065" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: SW- System Wide (Apache Ant)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Ant)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ], "known_not_affected": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2977174.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] } ] }, { "cve": "CVE-2021-36374", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "33176678" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34469065" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: SW- System Wide (Apache Ant)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Ant)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ], "known_not_affected": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2977174.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] }, { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-2241V-2.4.0.1", "P-2241V-2.3.0.2" ] } ] }, { "cve": "CVE-2021-37136", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "35217506" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Netty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5565V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-37404", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2021-37533", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications IP Service Activator", "text": "35346721" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35346753" }, { "system_name": "Oracle Bug ID of Siebel Apps", "text": "35346802" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Core Banking", "text": "35346735" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35346727" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35346726" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35346715" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Commons Net)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Network Processor (Apache Commons Net)). Supported versions that are affected are 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications IP Service Activator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications IP Service Activator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache Commons Net)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Commons Net)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel Apps product of Oracle Siebel CRM (component: Marketing (Apache Commons Net)). Supported versions that are affected are 23.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Apps accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Commons Net)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Security (Apache Commons Net)). Supported versions that are affected are 11.6-11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Core Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9101V-11.10", "P-9101V-11.11", "P-9633V-11.3.2", "P-10770V-9.0.0-9.0.2", "P-2261V-7.4.0", "P-2261V-7.5.0", "P-8974V-23.8 and prior", "P-11052V-9.0.0-9.0.2", "P-14276V-8.1.2.3", "P-9101V-11.6-11.8", "P-14276V-8.1.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2261V-7.4.0", "P-2261V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977035.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8974V-23.8 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2978442.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9101V-11.10", "P-9101V-11.11", "P-9101V-11.6-11.8" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-9101V-11.10", "P-9101V-11.11", "P-9633V-11.3.2", "P-10770V-9.0.0-9.0.2", "P-2261V-7.4.0", "P-2261V-7.5.0", "P-8974V-23.8 and prior", "P-11052V-9.0.0-9.0.2", "P-14276V-8.1.2.3", "P-9101V-11.6-11.8", "P-14276V-8.1.2.4" ] } ] }, { "cve": "CVE-2021-37714", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35276649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Portal Core (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1696V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-40690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Peoplesoft", "text": "33798140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Peoplesoft product of Oracle Enterprise Manager (component: PSEM Plugin (Apache Santuario XML Security For Java)). The supported version that is affected is 13.5.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Peoplesoft. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Peoplesoft accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2131V-13.5.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2131V-13.5.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2131V-13.5.1.1" ] } ] }, { "cve": "CVE-2021-41164", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "33685734" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: UI (CKEditor)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Party Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Party Management accessible data as well as unauthorized read access to a subset of Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13929V-2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13929V-2.7" ] } ] }, { "cve": "CVE-2021-41165", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "33685734" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: UI (CKEditor)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Party Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Party Management accessible data as well as unauthorized read access to a subset of Oracle Banking Party Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13929V-2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13929V-2.7" ] } ] }, { "cve": "CVE-2021-41182", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991814" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-41183", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991814" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-41184", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991814" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-41945", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35402585" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (HTTPX)). Supported versions that are affected are 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.2.0-23.2.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.2.0-23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14277V-23.2.0-23.2.2" ] } ] }, { "cve": "CVE-2021-42575", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35412025" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: Golden Gate Studio (Java HTML Sanitizer)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-43045", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35405142" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Avro)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-1471", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35156469" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "35156501" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "35156401" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Core Banking", "text": "35156456" }, { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35156409" }, { "system_name": "Oracle Bug ID of Oracle Banking Loans Servicing", "text": "35156408" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (SnakeYAML)). Supported versions that are affected are 2.7 and 2.12. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in takeover of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: UI (SnakeYAML)). The supported version that is affected is 2.12. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Loans Servicing. Successful attacks of this vulnerability can result in takeover of Oracle Banking Loans Servicing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: UI (SnakeYAML)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Party Management. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Securities (SnakeYAML)). Supported versions that are affected are 11.10 and 11.11. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in takeover of Oracle FLEXCUBE Core Banking. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (SnakeYAML)). The supported version that is affected is 22.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (SnakeYAML)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9101V-11.10", "P-9101V-11.11", "P-13929V-2.7", "P-13928V-2.7", "P-13927V-2.12", "P-11513V-22.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-13928V-2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9101V-11.10", "P-9101V-11.11", "P-13928V-2.7", "P-13928V-2.12" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7", "P-13927V-2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-22.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9101V-11.10", "P-9101V-11.11", "P-13929V-2.7", "P-13928V-2.7", "P-13927V-2.12", "P-13928V-2.12" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11513V-22.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] } ] }, { "cve": "CVE-2022-23491", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35642546" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35702678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OML4Py (cryptography) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Python)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(OML4Py)V-21.3-21.11", "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(OML4Py)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(OML4Py)V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2022-23990", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34747797" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (LibExpat)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] } ] }, { "cve": "CVE-2022-24329", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844132" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (JetBrains Kotlin)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2022-24407", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8478V-5.7.39 and prior", "P-8478V-8.0.30 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34680981" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Cyrus SASL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-8478V-5.7.39 and prior", "P-8478V-8.0.30 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-5.7.39 and prior", "P-8478V-8.0.30 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8478V-5.7.39 and prior", "P-8478V-8.0.30 and prior" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8478V-5.7.39 and prior", "P-8478V-8.0.30 and prior" ] } ] }, { "cve": "CVE-2022-24834", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35654262" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35654280" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Fraud Detection Monitor (Redis)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Redis)). Supported versions that are affected are 23.1.3 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.1.3", "P-10762V-5.1", "P-10762V-5.0", "P-14118V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.3", "P-14118V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978839.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.1.3", "P-10762V-5.1", "P-10762V-5.0", "P-14118V-23.3.0" ] } ] }, { "cve": "CVE-2022-24839", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.1.4.0" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34696730" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "34696731" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35578020" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (NekoHTML)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (NekoHTML)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (NekoHTML)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ], "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.1.4.0" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ] }, { "cve": "CVE-2022-25147", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35723896" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Portable Runtime Utility)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2022-25168", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-25647", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "34315276" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Google Gson)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1" ] } ] }, { "cve": "CVE-2022-26612", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369690" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Hadoop)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-27778", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-27779", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-27780", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-27781", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-27782", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-29546", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35624789" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (NekoHTML)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2022-29577", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "34171325" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (AntiSamy)). Supported versions that are affected are 2.7 and 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Deposits and Lines of Credit Servicing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Deposits and Lines of Credit Servicing accessible data as well as unauthorized read access to a subset of Oracle Banking Deposits and Lines of Credit Servicing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13928V-2.7", "P-13928V-2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.7", "P-13928V-2.12" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13928V-2.7", "P-13928V-2.12" ] } ] }, { "cve": "CVE-2022-29599", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35624505" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Maven Shared Utils)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0" ] } ] }, { "cve": "CVE-2022-30115", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-31129", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "34462401" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Moment.js)). Supported versions that are affected are 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0 and 4.4.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.3.0.5.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.5.0", "P-2245V-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977174.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2245V-4.3.0.5.0", "P-2245V-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2022-31160", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "34858164" }, { "system_name": "Oracle Bug ID of BI Publisher", "text": "34991814" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (jQueryUI)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.16 and 22.12.0-22.12.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Mobile Service (jQueryUI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-22.12.0-22.12.9", "P-1479V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-22.12.0-22.12.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2978463.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-22.12.0-22.12.9" ] }, { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-3171", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34859678" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "34859679" }, { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "34859644" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Google Protobuf-Java)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Google Protobuf-Java)). Supported versions that are affected are 12.2.1.4.0-12.2.1.4.230922. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the GoldenGate Veridata executes to compromise GoldenGate Veridata. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Veridata. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-9178V-2.9.0" ], "known_not_affected": [ "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9178V-2.9.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9178V-2.9.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-33980", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35369821" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "34436460" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (Apache Commons Configuration)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in takeover of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Content Storage Service (Apache Commons Configuration)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-13928V-2.7", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13928V-2.7" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-36033", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35276649" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "34897707" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "34897705" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34897678" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (jsoup)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (jsoup)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Model Management and Governance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jsoup)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Portal Core (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-1696V-12.2.1.4.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "known_not_affected": [ "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] }, { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1696V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-36944", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-14105V-8.1.2.0.0", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35767106" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35767117" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35767096" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35767140" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35767100" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35767099" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35767120" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35767097" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35767103" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35767102" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Cash Flow Engine", "text": "35767123" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Scala)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Financial Services Cash Flow Engine product of Oracle Financial Services Applications (component: Cash Flow Engine (Scala)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-12.6.0.0" ], "known_not_affected": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13718V-14.5-14.7", "P-10605V-19.12.0-19.12.17", "P-14393V-14.5-14.7", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12", "P-14325V-14.5-14.7", "P-14105V-8.1.2.0.0", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-14105V-8.1.2.0.0", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978463.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-10605V-19.12.0-19.12.17", "P-14393V-14.5-14.7", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12", "P-14105V-8.1.2.0.0", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10900V-12.6.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-14105V-8.1.2.0.0", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12" ] } ] }, { "cve": "CVE-2022-37436", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35610972" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-37454", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "34997332" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.2.0" ] } ] }, { "cve": "CVE-2022-40151", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35001988" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35251963" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (XStream)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (XStream)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12605V-21.1", "P-12605V-22.1", "P-9633V-11.3.2", "P-12605V-22.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.2", "P-12605V-21.1", "P-12605V-22.1" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-12605V-22.2", "P-12605V-21.1", "P-12605V-22.1" ] } ] }, { "cve": "CVE-2022-40152", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "35129141" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Development Operations (XStream)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of BI Publisher. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-40896", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35642546" } ], "notes": [ { "category": "description", "text": "Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OML4Py (cryptography) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(OML4Py)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(OML4Py)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(OML4Py)V-21.3-21.11" ] } ] }, { "cve": "CVE-2022-40897", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35642546" } ], "notes": [ { "category": "description", "text": "Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OML4Py (cryptography) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(OML4Py)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(OML4Py)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(OML4Py)V-21.3-21.11" ] } ] }, { "cve": "CVE-2022-40982", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844067" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35822467" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844058" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (GCC)). Supported versions that are affected are 23.1.3 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. While the vulnerability is in Oracle Communications Cloud Native Core Network Exposure Function, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (GCC Arm Aarch64 binary)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (GCC Arm Aarch64 binary)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14122V-23.1.3", "P-14122V-23.3.0", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3", "P-14122V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14122V-23.1.3", "P-14122V-23.3.0" ] }, { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2022-41409", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35698008" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (PCRE2)). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2022-41704", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "34970676" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Apache Batik)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ] }, { "cve": "CVE-2022-41881", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "35001704" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Netty)). The supported version that is affected is 2.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9178V-2.6.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9178V-2.6.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9178V-2.6.2" ] } ] }, { "cve": "CVE-2022-41915", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Platform", "text": "35001704" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Netty)). The supported version that is affected is 2.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9178V-2.6.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9178V-2.6.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9178V-2.6.2" ] } ] }, { "cve": "CVE-2022-41954", "ids": [ { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "34977655" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (MPXJ)). Supported versions that are affected are 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.16 and 22.12.0-22.12.9. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10354V-20.12.0-20.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-22.12.0-22.12.9" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-22.12.0-22.12.9" ], "url": "https://support.oracle.com/rs?type=doc&id=2978463.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10354V-20.12.0-20.12.16", "P-10354V-21.12.0-21.12.16", "P-10354V-19.12.0-19.12.16", "P-10354V-22.12.0-22.12.9" ] } ] }, { "cve": "CVE-2022-41966", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35001988" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35251963" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (XStream)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (XStream)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-12605V-21.1", "P-12605V-22.1", "P-9633V-11.3.2", "P-12605V-22.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-22.2", "P-12605V-21.1", "P-12605V-22.1" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-12605V-22.2", "P-12605V-21.1", "P-12605V-22.1" ] } ] }, { "cve": "CVE-2022-42003", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462334" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "34811599" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35494982" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (jackson-databind) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (jackson-databind)). Supported versions that are affected are 2.7 and 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0", "P-13928V-2.7", "P-13928V-2.12" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.7", "P-13928V-2.12" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13928V-2.7", "P-1696V-12.2.1.4.0", "P-13928V-2.12" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ] }, { "cve": "CVE-2022-42004", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35462334" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "34811599" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35494982" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Workload Manager (jackson-databind) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (jackson-databind)). Supported versions that are affected are 2.7 and 2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0", "P-13928V-2.7", "P-13928V-2.12" ], "known_not_affected": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.7", "P-13928V-2.12" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13928V-2.7", "P-1696V-12.2.1.4.0", "P-13928V-2.12" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Workload Manager)V-21.3-21.11" ] } ] }, { "cve": "CVE-2022-4225", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35533888" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2022-42890", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "34970676" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Apache Batik)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ] }, { "cve": "CVE-2022-42898", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "35001934" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35001935" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Kerberos)). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Server product of Oracle MySQL (component: Server: Packaging (Kerberos)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ], "known_not_affected": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8479V-8.0.34 and prior", "P-8479V-8.1.0", "P-8478V-8.1.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8479V-8.0.34 and prior", "P-8479V-8.1.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0 and prior" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0 and prior" ] } ] }, { "cve": "CVE-2022-42915", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-42919", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "34997332" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.2.0" ] } ] }, { "cve": "CVE-2022-42920", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-10945V-12.2.1.4.0" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Global Payroll Switzerland", "text": "35674208" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35674202" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35674048" }, { "system_name": "Oracle Bug ID of Oracle Retail Bulk Data Integration", "text": "35674169" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "35674189" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "35674101" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35674089" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35674139" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35674225" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35674172" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "35674170" }, { "system_name": "Oracle Bug ID of Oracle Retail Service Backbone", "text": "35674176" }, { "system_name": "Oracle Bug ID of Oracle Communications MetaSolv Solution", "text": "35674087" }, { "system_name": "Oracle Bug ID of Oracle Retail Merchandising System", "text": "35674173" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "35674140" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35674090" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Apache Commons BCEL)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in takeover of Oracle Retail Financial Integration. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB (Apache Commons BCEL)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in takeover of Oracle Retail Integration Bus. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Apache Commons BCEL)). The supported version that is affected is 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising System. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: Installation (Apache Commons BCEL)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in takeover of Oracle Retail Service Backbone. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Commons BCEL)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (Apache Commons BCEL)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland product of Oracle PeopleSoft (component: XML CHE (Apache Commons BCEL)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Switzerland. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise HCM Global Payroll Switzerland. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Discussion Forums (Apache Commons BCEL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Commons BCEL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Print Preview (Apache Commons BCEL)). The supported version that is affected is 6.3.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in takeover of Oracle Communications MetaSolv Solution. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: General (Apache Commons BCEL)). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Commons BCEL)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Commons BCEL)). Supported versions that are affected are 12.6.4-12.7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Apache Commons BCEL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Apache Commons BCEL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Bulk Data Integration product of Oracle Retail Applications (component: BDI Job Scheduler (Apache Commons BCEL)). Supported versions that are affected are 16.0.3 and 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Bulk Data Integration. Successful attacks of this vulnerability can result in takeover of Oracle Retail Bulk Data Integration. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10867V-15.0.3.1", "P-10722V-15.0.3.1", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-2270V-7.4.0", "P-2270V-7.4.1", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2245V-4.4.0.2.0", "P-2267V-6.3.1.0.0", "P-5242V-12.2.1.4.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-9464V-12.2.1.4.0", "P-1807V-14.1.3.2", "P-10867V-19.0.1", "P-10867V-14.1.3.2", "P-12968V-19.0.1", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-1807V-15.0.3.1", "P-5242V-14.1.1.0.0", "P-2245V-4.2.0.3.0", "P-5477V-12.6.4-12.7.1", "P-5068V-9.2", "P-10900V-12.6.0.0", "P-1816V-19.0.1", "P-12968V-16.0.3" ], "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10867V-15.0.3.1", "P-10722V-15.0.3.1", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-10867V-14.1.3.2", "P-12968V-19.0.1", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-1807V-15.0.3.1", "P-1807V-14.1.3.2", "P-10867V-19.0.1", "P-1816V-19.0.1", "P-12968V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.2.0.3.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-2245V-4.4.0.0.0", "P-2245V-4.4.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977174.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-1696V-12.2.1.4.0", "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5068V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978441.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2267V-6.3.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977034.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2977045.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.6.4-12.7.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2979125.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10867V-15.0.3.1", "P-10722V-15.0.3.1", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-2270V-7.4.0", "P-2270V-7.4.1", "P-2245V-4.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2245V-4.4.0.2.0", "P-2267V-6.3.1.0.0", "P-5242V-12.2.1.4.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-9464V-12.2.1.4.0", "P-1807V-14.1.3.2", "P-10867V-19.0.1", "P-10867V-14.1.3.2", "P-12968V-19.0.1", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-1807V-15.0.3.1", "P-5242V-14.1.1.0.0", "P-2245V-4.2.0.3.0", "P-5477V-12.6.4-12.7.1", "P-5068V-9.2", "P-10900V-12.6.0.0", "P-1816V-19.0.1", "P-12968V-16.0.3" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-10945V-12.2.1.4.0" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ] }, { "cve": "CVE-2022-43551", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2022-43680", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "34747797" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (LibExpat)). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1370V-13.5.0.0" ] } ] }, { "cve": "CVE-2022-44729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (Apache Batik)", "text": "35754528" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35742434" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35756321" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (Apache Batik) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where Oracle Spatial and Graph (Apache Batik) executes to compromise Oracle Spatial and Graph (Apache Batik). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Spatial and Graph (Apache Batik) accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (Apache Batik). CVSS 3.1 Base Score 6.0 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Batik)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-619V-19.3-19.20", "P-5242V-14.1.1.0.0", "P-619V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-44730", "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35742434" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-4647V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-4492", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35402101" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Undertow)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Undertow)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2022-45061", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "34997332" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.2.0" ] } ] }, { "cve": "CVE-2022-45688", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Service Bus", "text": "35463772" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35655024" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35452670" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35655021" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35655010" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35654926" }, { "system_name": "Oracle Bug ID of Oracle Communications WebRTC Session Controller", "text": "35654955" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35654952" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35654983" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Service Bus. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (JSON-java)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (JSON-java)). Supported versions that are affected are 19.12.0-19.12.17, 20.12.0-20.12.12 and 21.12.0-21.12.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Cloud Manager (JSON-java)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (JSON-java)). The supported version that is affected is 9.1.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (JSON-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (JSON-java)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications WebRTC Session Controller product of Oracle Communications (component: Security (JSON-java)). Supported versions that are affected are 7.2.0.0.0 and 7.2.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10605V-19.12.0-19.12.17", "P-5085V-8.59", "P-10605V-21.12.0-21.12.10", "P-5325V-12.2.1.4.0", "P-10605V-20.12.0-20.12.12", "P-12605V-18.3", "P-12605V-19.2", "P-10811V-7.2.1.0.0", "P-12605V-19.1", "P-12605V-22.2", "P-13940V-9.1.1.6.0", "P-5308V-12.2.1.4.0", "P-12605V-21.1", "P-12605V-22.1", "P-10900V-12.6.0.0", "P-10811V-7.2.0.0.0", "P-5085V-8.60" ], "known_not_affected": [ "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5308V-12.2.1.4.0", "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12605V-19.1", "P-12605V-22.2", "P-12605V-21.1", "P-12605V-22.1", "P-12605V-18.3", "P-12605V-19.2" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978463.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2978441.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10811V-7.2.0.0.0", "P-10811V-7.2.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979750.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10605V-19.12.0-19.12.17", "P-5085V-8.59", "P-10605V-21.12.0-21.12.10", "P-5325V-12.2.1.4.0", "P-10605V-20.12.0-20.12.12", "P-12605V-18.3", "P-12605V-19.2", "P-10811V-7.2.1.0.0", "P-12605V-19.1", "P-12605V-22.2", "P-13940V-9.1.1.6.0", "P-5308V-12.2.1.4.0", "P-12605V-21.1", "P-12605V-22.1", "P-10900V-12.6.0.0", "P-10811V-7.2.0.0.0", "P-5085V-8.60" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-45690", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35520766" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (JSON-java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1696V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-46908", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (SQLite)", "text": "35393406" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Spatial and Graph (SQLite) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ] }, { "cve": "CVE-2022-48285", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35192525" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (JSZip)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] } ] }, { "cve": "CVE-2022-4899", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35360574" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35646719" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Zstandard)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Database Core (Zstandard) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13940V-9.1.1.5.0" ], "known_not_affected": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13940V-9.1.1.5.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Database Core)V-19.3-19.20", "P-5(Database Core)V-21.3-21.11" ] } ] }, { "cve": "CVE-2023-0361", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35156652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: SSL Module (GnuTLS)). Supported versions that are affected are 5.0 and 5.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Operations Monitor accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Operations Monitor accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-10762V-5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978837.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-10762V-5.0" ] } ] }, { "cve": "CVE-2023-0464", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35475182" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35475180" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35475140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-0465", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35475182" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35475180" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35475140" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4379V-21.5.0.0.0", "P-8478V-5.7.42 and prior", "P-1042V-12.2.1.4.0", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-4379V-21.5.0.0.0", "P-8478V-5.7.42 and prior", "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-0466", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35475182" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35475180" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35475140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-0567", "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35360600" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). Supported versions that are affected are 18.1.0.1.0 and 18.1.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-0568", "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35360600" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). Supported versions that are affected are 18.1.0.1.0 and 18.1.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-0662", "ids": [ { "system_name": "Oracle Bug ID of Oracle Secure Backup", "text": "35360600" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). Supported versions that are affected are 18.1.0.1.0 and 18.1.0.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1522V-18.1.0.1.0", "P-1522V-18.1.0.2.0" ] } ] }, { "cve": "CVE-2023-1255", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35475182" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35475140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-1042V-12.2.1.4.0", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior", "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-1370", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM", "text": "35484758" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35408120" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "35408121" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35408114" } ], "notes": [ { "category": "description", "text": "Vulnerability in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (json-smart)). Supported versions that are affected are 12.2.1.4.0-12.2.1.4.230922. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the GoldenGate Veridata executes to compromise GoldenGate Veridata. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Veridata. CVSS 3.1 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (json-smart)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (json-smart)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI - Open UI (JSON-java)). Supported versions that are affected are 23.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-14276V-8.1.2.3", "P-9008V-23.8 and prior", "P-14276V-8.1.2.4", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-23.8 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2978442.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14276V-8.1.2.3", "P-9008V-23.8 and prior", "P-14276V-8.1.2.4", "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-1436", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Core Banking", "text": "35436153" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "35273891" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "35436168" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "35435860" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35436167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Security (Jettison)). Supported versions that are affected are 11.6-11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Core Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Jettison)). Supported versions that are affected are 12.2.1.4.0-12.2.1.4.230922. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the GoldenGate Veridata executes to compromise GoldenGate Veridata. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Veridata. CVSS 3.1 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9101V-11.10", "P-9101V-11.11", "P-1980V-12.2.1.4.0", "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-4647V-12.2.1.4.0", "P-9101V-11.6-11.8", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9101V-11.10", "P-9101V-11.11", "P-9101V-11.6-11.8" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0", "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9101V-11.10", "P-9101V-11.11", "P-1980V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-9101V-11.6-11.8", "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ] }, { "cve": "CVE-2023-2002", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-20593", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-20860", "ids": [ { "system_name": "Oracle Bug ID of Oracle Healthcare Master Person Index", "text": "35351062" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35351011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Spring Framework)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 5.0.0-5.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2", "P-8575V-5.0.0-5.0.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8575V-5.0.0-5.0.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978691.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-8575V-5.0.0-5.0.6" ] } ] }, { "cve": "CVE-2023-20861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Healthcare Master Person Index", "text": "35351062" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35351011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Spring Framework)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 5.0.0-5.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2", "P-8575V-5.0.0-5.0.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8575V-5.0.0-5.0.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978691.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2", "P-8575V-5.0.0-5.0.6" ] } ] }, { "cve": "CVE-2023-20862", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35383476" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Spring Security)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] } ] }, { "cve": "CVE-2023-20863", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35351019" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35350984" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35351036" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35351013" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35351034" }, { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "35351056" }, { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "35351078" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35351011" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35351055" }, { "system_name": "Oracle Bug ID of Oracle Healthcare Master Person Index", "text": "35351062" }, { "system_name": "Oracle Bug ID of Oracle Retail Fiscal Management", "text": "35351083" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35402026" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35350976" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35350998" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35350996" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35351008" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35350997" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35351007" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35351006" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35350995" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35351049" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35351004" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35351003" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35351025" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35351002" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35351024" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "35351089" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35351000" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35351090" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Data Quality. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Spring Framework)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (Spring Framework)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Electronic Data Exchange for Corporates. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Spring Framework)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Framework)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Spring Framework)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Security (Spring Framework)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Spring Framework)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Spring Framework)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 5.0.0-5.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Master Person Index. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security (Spring Framework)). Supported versions that are affected are 18.0.0.13 and 19.0.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: RTIL (Spring Framework)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Fiscal Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Spring Framework)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3, 21.0.2 and 22.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring Framework)). The supported version that is affected is 9.1.1.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11513V-20.0.3", "P-14195V-14.5-14.7", "P-14123V-23.1.0", "P-13718V-14.5-14.7", "P-13676V-21.1", "P-13487V-14.5-14.7", "P-13388V-19.0.0.7", "P-13940V-9.1.1.5.0", "P-11513V-18.0.5", "P-10770V-9.0.0-9.0.2", "P-13676V-22.1", "P-13676V-22.2", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14276V-8.1.2.3", "P-14121V-23.1.0-23.1.7", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13872V-14.5-14.7", "P-11513V-19.0.4", "P-8480V-8.0.35 and prior", "P-9038V-14.2", "P-11513V-22.0.0", "P-14393V-14.5-14.7", "P-11052V-9.0.0-9.0.2", "P-8575V-5.0.0-5.0.6", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-11513V-21.0.2", "P-9633V-11.3.2", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-13388V-18.0.0.13", "P-13304V-14.5-14.7" ], "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-13487V-14.5-14.7", "P-14325V-14.5-14.7", "P-13676V-22.1", "P-12605V-22.2", "P-13676V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8575V-5.0.0-5.0.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978691.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-20.0.3", "P-11513V-19.0.4", "P-11513V-21.0.2", "P-11513V-18.0.5", "P-9038V-14.2", "P-11513V-22.0.0", "P-13388V-18.0.0.13", "P-13388V-19.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11513V-20.0.3", "P-14195V-14.5-14.7", "P-14123V-23.1.0", "P-13718V-14.5-14.7", "P-13676V-21.1", "P-13487V-14.5-14.7", "P-13388V-19.0.0.7", "P-13940V-9.1.1.5.0", "P-11513V-18.0.5", "P-10770V-9.0.0-9.0.2", "P-13676V-22.1", "P-13676V-22.2", "P-9464V-12.2.1.4.0", "P-14324V-14.5-14.7", "P-14276V-8.1.2.3", "P-14121V-23.1.0-23.1.7", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13872V-14.5-14.7", "P-11513V-19.0.4", "P-8480V-8.0.35 and prior", "P-9038V-14.2", "P-11513V-22.0.0", "P-14393V-14.5-14.7", "P-11052V-9.0.0-9.0.2", "P-8575V-5.0.0-5.0.6", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-11513V-21.0.2", "P-9633V-11.3.2", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-13388V-18.0.0.13", "P-13304V-14.5-14.7" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-20873", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35401805" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35407489" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Boot)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Utility (Spring Boot)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "known_not_affected": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-20883", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35820919" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35576880" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35576878" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35821595" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35576877" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35576899" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35576876" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35576887" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35576898" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35576886" }, { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "35576885" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35576883" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35576882" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35576893" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35576919" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35576918" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35576906" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35576936" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Third Party (Spring Boot)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal Tools (Spring Boot)). The supported version that is affected is 9.1.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Boot)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Spring Boot)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Spring Boot)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Branch. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Core (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Electronic Data Exchange for Corporates. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core (Spring Boot)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Spring Boot)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Boot)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Spring Boot)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Boot)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13011V-14.0-14.3", "P-14119V-23.1.2", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14325V-14.5-14.7", "P-13011V-14.5-14.7", "P-14547V-23.2.0", "P-13940V-9.1.1.6.0", "P-14122V-23.1.3", "P-13676V-22.1", "P-9052V-14.5-14.7", "P-13676V-22.2", "P-14324V-14.5-14.7", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7", "P-14123V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978845.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13011V-14.0-14.3", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-14325V-14.5-14.7", "P-13011V-14.5-14.7", "P-13676V-22.1", "P-9052V-14.5-14.7", "P-13676V-22.2", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978842.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13011V-14.0-14.3", "P-14119V-23.1.2", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14325V-14.5-14.7", "P-13011V-14.5-14.7", "P-14547V-23.2.0", "P-13940V-9.1.1.6.0", "P-14122V-23.1.3", "P-13676V-22.1", "P-9052V-14.5-14.7", "P-13676V-22.2", "P-14324V-14.5-14.7", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7", "P-14123V-23.1.3" ] } ] }, { "cve": "CVE-2023-21829", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "35002318" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (JDBC)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0, 4.5.0.0.0, 4.5.0.0.1 and 4.5.0.1.0- 4.5.0.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Application Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Application Framework accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.5.0.1.0- 4.5.0.1.2", "P-2245V-4.2.0.3.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.0.1", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.5.0.1.0- 4.5.0.1.2", "P-2245V-4.2.0.3.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.0.1", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977174.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "P-2245V-4.5.0.1.0- 4.5.0.1.2", "P-2245V-4.2.0.3.0", "P-2245V-4.3.0.1.0-4.3.0.6.0", "P-2245V-4.5.0.0.0", "P-2245V-4.4.0.0.0", "P-2245V-4.5.0.0.1", "P-2245V-4.4.0.2.0", "P-2245V-4.4.0.3.0" ] } ] }, { "cve": "CVE-2023-22015", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "32824429" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-8478V-8.0.31 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.42 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Alan Jose" ] } ], "cve": "CVE-2023-22019", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "34106095" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1042V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Carter Kozak" ] } ], "cve": "CVE-2023-22025", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35892027" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7" ] } ] }, { "cve": "CVE-2023-22026", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34076808" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-8478V-8.0.31 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.42 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2023-22028", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34377854" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.43 and prior", "P-8478V-8.0.31 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.43 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.31 and prior", "P-8478V-5.7.43 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jeffrey McClure" ] } ], "cve": "CVE-2023-22029", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35370212" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2023-22032", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34778435" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22043", "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35393005" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Oracle Java SE)). The supported version that is affected is 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2023-22059", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34909766" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22064", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34920120" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-22065", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34927110" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22066", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34957949" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "acknowledgments": [ { "names": [ "thiscodecc" ], "organization": "MoyunSec TopBreaker Labs and Bing" } ], "cve": "CVE-2023-22067", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35033261" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ] } ] }, { "cve": "CVE-2023-22068", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35039937" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "acknowledgments": [ { "names": [ "bluE0 and Qing Xu" ] }, { "names": [ "sw0rd1ight" ] }, { "names": [ "v3geb1rd" ] }, { "names": [ "Wenhui Wang" ], "organization": "State Grid" } ], "cve": "CVE-2023-22069", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35090327" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22070", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35105404" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "acknowledgments": [ { "names": [ "Andrejs Macnevs" ] } ], "cve": "CVE-2023-22071", "ids": [ { "system_name": "Oracle Bug ID of PL/SQL", "text": "35209504" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11V-21.3-21.11", "P-11V-19.3-19.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11V-21.3-21.11", "P-11V-19.3-19.20" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-11V-21.3-21.11", "P-11V-19.3-19.20" ] } ] }, { "acknowledgments": [ { "names": [ "hosch3n" ], "organization": "MoreSec Zhuri Lab" } ], "cve": "CVE-2023-22072", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35250956" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-12.2.1.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-12.2.1.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-12.2.1.3.0" ] } ] }, { "cve": "CVE-2023-22073", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35251084" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Notification Server)V-21.3-21.11", "P-5(Oracle Notification Server)V-19.3-19.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Notification Server)V-19.3-19.20", "P-5(Oracle Notification Server)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Notification Server)V-19.3-19.20", "P-5(Oracle Notification Server)V-21.3-21.11" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ], "organization": "Saudi Aramco" } ], "cve": "CVE-2023-22074", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35280309" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ], "organization": "Saudi Aramco" } ], "cve": "CVE-2023-22075", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35280322" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database Sharding)V-19.3-19.20", "P-5(Oracle Database Sharding)V-21.3-21.11" ] } ] }, { "acknowledgments": [ { "names": [ "Sharique Raza" ] } ], "cve": "CVE-2023-22076", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "35310356" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1472V-12.2.3-12.2.12" ] } ] }, { "acknowledgments": [ { "names": [ "Emad Al-Mousa" ], "organization": "Saudi Aramco" } ], "cve": "CVE-2023-22077", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35325831" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database Recovery Manager)V-21.3-21.11", "P-5(Oracle Database Recovery Manager)V-19.3-19.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Recovery Manager)V-19.3-19.20", "P-5(Oracle Database Recovery Manager)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5(Oracle Database Recovery Manager)V-19.3-19.20", "P-5(Oracle Database Recovery Manager)V-21.3-21.11" ] } ] }, { "cve": "CVE-2023-22078", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35328028" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22079", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35362424" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-22080", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35383568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.60", "P-5085V-8.59" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2978441.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.59", "P-5085V-8.60" ] } ] }, { "cve": "CVE-2023-22081", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "35397388" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-Oracle Java SE:11.0.20", "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-Oracle Java SE:11.0.20", "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-Oracle Java SE:11.0.20", "P-856V-Oracle Java SE:21", "P-856V-Oracle GraalVM Enterprise Edition:22.3.3", "P-856V-Oracle GraalVM for JDK:21", "P-856V-Oracle Java SE:17.0.8", "P-856V-Oracle Java SE:8u381-perf", "P-856V-Oracle Java SE:8u381", "P-856V-Oracle GraalVM for JDK:17.0.8", "P-856V-Oracle GraalVM Enterprise Edition:21.3.7", "P-856V-Oracle GraalVM Enterprise Edition:20.3.11" ] } ] }, { "acknowledgments": [ { "names": [ "AnhNH" ], "organization": "Sacombank" }, { "names": [ "ChauUHM" ], "organization": "Sacombank" }, { "names": [ "TungHT" ], "organization": "Sacombank" } ], "cve": "CVE-2023-22082", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35555020" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "milCERT AT" ] } ], "cve": "CVE-2023-22083", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Communications Broker", "text": "35626979" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Session Border Controller", "text": "35402417" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Web UI). Supported versions that are affected are 3.3, 4.0 and 4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10757V-9.0-9.2", "P-10758V-4.0", "P-10758V-3.3", "P-10758V-4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10757V-9.0-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978230.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10758V-4.0", "P-10758V-3.3", "P-10758V-4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978214.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10757V-9.0-9.2", "P-10758V-4.0", "P-10758V-3.3", "P-10758V-4.1" ] } ] }, { "cve": "CVE-2023-22084", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35432973" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22085", "ids": [ { "system_name": "Oracle Bug ID of Hospitality OPERA 5 Property Services", "text": "35474120" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11580V-5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11580V-5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978137.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11580V-5.6" ] } ] }, { "acknowledgments": [ { "names": [ "aw0yo" ], "organization": "Cyber KunLun" }, { "names": [ "bluE0 and Qing Xu" ] }, { "names": [ "Liu Ming" ] }, { "names": [ "X1r0z" ] } ], "cve": "CVE-2023-22086", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35475930" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22087", "ids": [ { "system_name": "Oracle Bug ID of Hospitality OPERA 5 Property Services", "text": "35523024" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11580V-5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11580V-5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978137.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-11580V-5.6" ] } ] }, { "acknowledgments": [ { "names": [ "Spyridon Chatzimichail" ], "organization": "OTE Hellenic Telecommunications Organization S.A." } ], "cve": "CVE-2023-22088", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "35555558" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2977045.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-2270V-7.4.0", "P-2270V-7.4.1" ] } ] }, { "acknowledgments": [ { "names": [ "bluE0 and Qing Xu" ] } ], "cve": "CVE-2023-22089", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35602009" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22090", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CC Common Application Objects", "text": "35512670" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8911V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8911V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978441.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8911V-9.2" ] } ] }, { "cve": "CVE-2023-22091", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35625180" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.11", "P-13497V-Oracle GraalVM for JDK:21", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.11", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.7", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:21" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:20.3.11", "P-13497V-Oracle GraalVM Enterprise Edition:21.3.7", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:21" ] } ] }, { "cve": "CVE-2023-22092", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35694546" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-22093", "ids": [ { "system_name": "Oracle Bug ID of Oracle iRecruitment", "text": "35698168" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecruitment accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1193V-12.2.3-12.2.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1193V-12.2.3-12.2.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1193V-12.2.3-12.2.12" ] } ] }, { "acknowledgments": [ { "names": [ "Tmotfl" ] } ], "cve": "CVE-2023-22094", "ids": [ { "system_name": "Oracle Bug ID of MySQL Installer", "text": "35707953" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9536V-Prior to 1.6.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9536V-Prior to 1.6.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-9536V-Prior to 1.6.8" ] } ] }, { "acknowledgments": [ { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2023-22095", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35710378" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22096", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35717077" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-19.3-19.20", "P-5(Java VM)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.11", "P-5(Java VM)V-19.3-19.20" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.11", "P-5(Java VM)V-19.3-19.20" ] } ] }, { "cve": "CVE-2023-22097", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "34866769" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "acknowledgments": [ { "names": [ "Andy Nguyen" ], "organization": "Google" } ], "cve": "CVE-2023-22098", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35721171" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978250.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.12" ] } ] }, { "acknowledgments": [ { "names": [ "Andy Nguyen" ], "organization": "Google" } ], "cve": "CVE-2023-22099", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35721172" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978250.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.12" ] } ] }, { "acknowledgments": [ { "names": [ "Andy Nguyen" ], "organization": "Google" }, { "names": [ "Xiao Lei" ] } ], "cve": "CVE-2023-22100", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "35721173" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-Prior to 7.0.12" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-Prior to 7.0.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978250.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-Prior to 7.0.12" ] } ] }, { "acknowledgments": [ { "names": [ "Moritz Bechler" ], "organization": "SySS GmbH" } ], "cve": "CVE-2023-22101", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "34881986" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Paul Gerste with Sonar" ] } ], "cve": "CVE-2023-22102", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35811592" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576V-8.1.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576V-8.1.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8576V-8.1.0 and prior" ] } ] }, { "cve": "CVE-2023-22103", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35150382" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22104", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35159396" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.32 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.32 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.32 and prior" ] } ] }, { "cve": "CVE-2023-22105", "ids": [ { "system_name": "Oracle Bug ID of BI Publisher", "text": "35151885" } ], "notes": [ { "category": "description", "text": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1479V-6.4.0.0.0", "P-1479V-7.0.0.0.0" ] } ] }, { "cve": "CVE-2023-22106", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "35670405" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ] } ] }, { "acknowledgments": [ { "names": [ "Nils Putnins" ], "organization": "NATO Cyber Security Centre (NCSC)" } ], "cve": "CVE-2023-22107", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "35729673" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Command Center Framework accessible data as well as unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ], "url": "https://support.oracle.com/rs?type=doc&id=2484000.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13788V-ECC: 8", "P-13788V-9", "P-13788V-10" ] } ] }, { "acknowledgments": [ { "names": [ "Liboheng" ] }, { "names": [ "lilifeng" ] } ], "cve": "CVE-2023-22108", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35596035" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "ninh.0x4c" ], "organization": "sacombank" } ], "cve": "CVE-2023-22109", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35581165" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.0.0.0.0", "P-2025V-12.2.1.4.0", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-22110", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35231475" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22111", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35242734" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Zu-Ming Jiang" ] } ], "cve": "CVE-2023-22112", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35284734" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior" ] } ] }, { "cve": "CVE-2023-22113", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35339886" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "acknowledgments": [ { "names": [ "Jie Liang" ], "organization": "WingTecher Lab" }, { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2023-22114", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35345903" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.1.0", "P-8478V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-22115", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35442407" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior" ] } ] }, { "cve": "CVE-2023-22117", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35553991" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] } ] }, { "acknowledgments": [ { "names": [ "Nikos Tziris" ], "organization": "PwC" } ], "cve": "CVE-2023-22118", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35568496" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22119", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35598609" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-9052V-14.0-14.3", "P-9052V-12.4", "P-9052V-12.3", "P-9052V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22121", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35849652" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22122", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35849662" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22123", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35849668" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22124", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35849682" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-22125", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "35849691" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14134V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14134V-14.5-14.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14134V-14.5-14.7" ] } ] }, { "acknowledgments": [ { "names": [ "Aamir Rehman" ] } ], "cve": "CVE-2023-22126", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Content", "text": "35684220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2271V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2271V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-2271V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-22127", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "35745709" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-2276V-8.5.6" ] } ] }, { "cve": "CVE-2023-22128", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "35606017" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-10", "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-10", "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=2978317.1" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10006V-10", "P-10006V-11" ] } ] }, { "cve": "CVE-2023-22129", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "34986555" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. Note: This vunlerability only affects SPARC Systems. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11" ], "url": "https://support.oracle.com/rs?type=doc&id=2978317.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10006V-11" ] } ] }, { "cve": "CVE-2023-22130", "ids": [ { "system_name": "Oracle Bug ID of Sun ZFS Storage Appliance", "text": "35668625" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8.60" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2978317.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10026V-8.8.60" ] } ] }, { "cve": "CVE-2023-2283", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35548752" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35548739" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libssh)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Network Analytics Data Director accessible data as well as unauthorized read access to a subset of Oracle Communications Network Analytics Data Director accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14547V-23.2.0", "P-14121V-23.1.0-23.1.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978845.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14547V-23.2.0", "P-14121V-23.1.0-23.1.7" ] } ] }, { "cve": "CVE-2023-22946", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35383820" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35370067" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Spark)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Spark)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. While the vulnerability is in Oracle Financial Services Model Management and Governance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ] } ] }, { "cve": "CVE-2023-23914", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2023-23915", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2023-23916", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] } ] }, { "cve": "CVE-2023-23931", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35120820" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Cryptography)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-14125V-23.2.0" ] } ] }, { "cve": "CVE-2023-24998", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Veridata", "text": "35170878" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Studio", "text": "35170877" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "35170902" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "35170915" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "35255702" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35170870" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Core Banking", "text": "35170850" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "35452601" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 11.6-11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Core Banking. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Commons FileUpload)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Apache Commons FileUpload)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Fusion Middleware MapViewer. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons FileUpload)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3, 21.0.2 and 22.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: Veridata (Apache Commons FileUpload)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9101V-11.10", "P-11513V-20.0.3", "P-9101V-11.11", "P-11513V-19.0.4", "P-1215V-12.2.1.4.0", "P-11513V-22.0.0", "P-5325V-12.2.1.4.0", "P-11513V-21.0.2", "P-11513V-18.0.5", "P-9101V-11.6-11.8", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-1162V-12.2.1.4.0" ], "known_not_affected": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9101V-11.10", "P-9101V-11.11", "P-9101V-11.6-11.8" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1215V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-20.0.3", "P-11513V-19.0.4", "P-11513V-21.0.2", "P-11513V-18.0.5", "P-11513V-22.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9101V-11.10", "P-11513V-20.0.3", "P-9101V-11.11", "P-11513V-19.0.4", "P-1215V-12.2.1.4.0", "P-11513V-22.0.0", "P-5325V-12.2.1.4.0", "P-11513V-21.0.2", "P-11513V-18.0.5", "P-9101V-11.6-11.8", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-1162V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10945V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5758V-12.2.1.4.0-12.2.1.4.230922", "P-10945V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-25690", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35218759" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache HTTP Server)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2023-2603", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35821051" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (libcap)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14122V-23.1.3" ] } ] }, { "cve": "CVE-2023-26048", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35375419" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35375409" }, { "system_name": "Oracle Bug ID of Oracle Retail EFTLink", "text": "35375426" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "35368637" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35375389" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35821736" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35375374" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35375376" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35375375" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35375381" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35375380" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35375372" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35375382" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Eclipse Jetty)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Origination accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Eclipse Jetty)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 20.0.1, 21.0.0 and 22.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail EFTLink accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Electronic Data Exchange for Corporates accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle REST Data Services (component: ORDS (Eclipse Jetty)). Supported versions that are affected are Prior to 23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-11516V-21.0.0", "P-13718V-14.5-14.7", "P-11516V-22.0.0", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-14325V-14.5-14.7", "P-14250V-23.1.1", "P-11516V-20.0.1", "P-9456V-Prior to 23.2.2", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7", "P-14123V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978796.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11516V-20.0.1", "P-11516V-21.0.0", "P-11516V-22.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-Prior to 23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-11516V-21.0.0", "P-13718V-14.5-14.7", "P-11516V-22.0.0", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-14325V-14.5-14.7", "P-14250V-23.1.1", "P-11516V-20.0.1", "P-9456V-Prior to 23.2.2", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-14123V-23.1.3" ] } ] }, { "cve": "CVE-2023-26049", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35375419" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35375409" }, { "system_name": "Oracle Bug ID of Oracle Retail EFTLink", "text": "35375426" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "35368637" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35375389" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35821736" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35375374" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35375376" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35375375" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35375381" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35375380" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35375372" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35375382" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle REST Data Services (component: ORDS (Eclipse Jetty)). Supported versions that are affected are Prior to 23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Electronic Data Exchange for Corporates accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Eclipse Jetty)). The supported version that is affected is 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Eclipse Jetty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Origination accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Eclipse Jetty)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Installation (Eclipse Jetty)). Supported versions that are affected are 20.0.1, 21.0.0 and 22.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail EFTLink accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13718V-14.5-14.7", "P-11516V-21.0.0", "P-11516V-22.0.0", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-14325V-14.5-14.7", "P-14250V-23.1.1", "P-11516V-20.0.1", "P-9456V-Prior to 23.2.2", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7", "P-14123V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-Prior to 23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-14325V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978796.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11516V-20.0.1", "P-11516V-21.0.0", "P-11516V-22.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13718V-14.5-14.7", "P-11516V-21.0.0", "P-11516V-22.0.0", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-14325V-14.5-14.7", "P-14250V-23.1.1", "P-11516V-20.0.1", "P-9456V-Prior to 23.2.2", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-14123V-23.1.3" ] } ] }, { "cve": "CVE-2023-2650", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35475182" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35475180" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "35475140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0", "P-8478V-8.0.33 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.33 and prior", "P-8478V-5.7.42 and prior", "P-4379V-21.5.0.0.0", "P-1042V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-26604", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35821148" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (systemd)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-23.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14122V-23.1.3" ] } ] }, { "cve": "CVE-2023-27522", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35218759" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache HTTP Server)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2023-27533", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35329547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Infrastructure (curl)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-4392V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2023-27534", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "35329547" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Infrastructure (curl)). The supported version that is affected is 11.2.14.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-4392V-11.2.14.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.14.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=2775466.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.14.0.000" ] } ] }, { "cve": "CVE-2023-28319", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35580565" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Infrastructure (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0" ], "known_not_affected": [ "P-4379V-21.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ] }, { "cve": "CVE-2023-28320", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (cURL)", "text": "35598911" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35580565" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Infrastructure (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "known_not_affected": [ "P-4379V-21.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ] }, { "cve": "CVE-2023-28321", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (cURL)", "text": "35598911" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35580565" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Infrastructure (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "known_not_affected": [ "P-4379V-21.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ] }, { "cve": "CVE-2023-28322", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (cURL)", "text": "35598911" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Ops Center", "text": "35182033" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "35580565" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (curl)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Ops Center accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Ops Center accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Infrastructure (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9835V-12.4.0.0", "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "known_not_affected": [ "P-4379V-21.5.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9835V-12.4.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966414.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-4379V-21.5.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-9835V-12.4.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.5.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.5.0.0.0" ] } ] }, { "cve": "CVE-2023-28439", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "35266102" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (CKEditor)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Deposits and Lines of Credit Servicing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Deposits and Lines of Credit Servicing accessible data as well as unauthorized read access to a subset of Oracle Banking Deposits and Lines of Credit Servicing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13928V-2.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13928V-2.7" ], "url": "https://support.oracle.com" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-13928V-2.7" ] } ] }, { "cve": "CVE-2023-28484", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35431090" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844157" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35431064" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35431072" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.2", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-1042V-12.2.1.4.0", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.2.2", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-1042V-12.2.1.4.0", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-28708", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "35269881" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35533888" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0", "P-9633V-11.3.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ] }, { "cve": "CVE-2023-28709", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-11528V-2.5 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "35533888" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35533884" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench, Endeca Application Controller, Content Acquisition System (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633V-11.3.2" ], "known_not_affected": [ "P-11528V-2.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11528V-2.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633V-11.3.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978523.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11528V-2.5 and prior" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9633V-11.3.2" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-11528V-2.5 and prior" ] } ] }, { "cve": "CVE-2023-29402", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35563031" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ] }, { "cve": "CVE-2023-29403", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35563031" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ] }, { "cve": "CVE-2023-29404", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35563031" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ] }, { "cve": "CVE-2023-29405", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35563031" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Golang Go)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-1870V-Prior to 22.1.1.18.0", "P-1870V-Prior to 18.1.4.38.0" ] } ] }, { "cve": "CVE-2023-29469", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "35431090" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844157" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35431064" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "35431072" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-23.2.2", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-1042V-12.2.1.4.0", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-23.2.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978838.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14125V-23.2.2", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-1042V-12.2.1.4.0", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-29491", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844112" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844109" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (NCURSES)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (NCURSES)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-2975", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702874" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702876" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35702878" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ] } ] }, { "cve": "CVE-2023-2976", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-5(SQLcl)V-21.3-21.11", "P-9456V-Prior to 23.2.2", "P-14069V-22.4.4 and prior", "P-5(SQLcl)V-19.3-19.20" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-2196V-12.2.1.4.0" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35770184" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35770140" }, { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (Google Guava)", "text": "35585502" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35770182" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "35536794" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35770180" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35770138" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35770139" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "35770257" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "35770312" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "35770179" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35770232" }, { "system_name": "Oracle Bug ID of Oracle Fusion Middleware MapViewer", "text": "35770276" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35770152" }, { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "35770150" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35770151" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "35770291" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35770190" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35770191" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35696159" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35598272" }, { "system_name": "Oracle Bug ID of Primavera Gateway", "text": "35770305" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35770224" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35770148" }, { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "35770288" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35770245" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "35770289" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35770146" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35770124" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Enterprise Limits and Collateral Management", "text": "35770242" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35770144" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35770185" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "35811832" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "35770141" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35770142" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35624771" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Trade Finance Process Management executes to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Google Guava)). Supported versions that are affected are 23.1.2 and 23.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Console executes to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Google Guava)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Exposure Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Google Guava)). Supported versions that are affected are 23.2.1 and 23.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Repository Function executes to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Repository Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Google Guava)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Google Guava)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: General (Google Guava)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Element Manager executes to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Google Guava)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Session Report Manager executes to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Google Guava)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Google Guava)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Policy Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management product of Oracle Financial Services Applications (component: Infrastructure (Google Guava)). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Origination executes to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Origination accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Google Guava)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Fusion Middleware MapViewer executes to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security (Google Guava)). Supported versions that are affected are 18.0.0.13 and 19.0.0.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration Bugs (Google Guava)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Financial Integration executes to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Financial Integration accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Financial Integration accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Google Guava)). Supported versions that are affected are 14.1.3.2, 15.0.3.1, 16.0.3 and 19.0.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Integration Bus executes to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Integration Bus accessible data as well as unauthorized access to critical data or complete access to all Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Guava)). Supported versions that are affected are 19.12.0-19.12.17, 20.12.0-20.12.12 and 21.12.0-21.12.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera Gateway executes to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Gateway accessible data as well as unauthorized access to critical data or complete access to all Primavera Gateway accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: ORDS (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Google Guava)). The supported version that is affected is 23.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Users, roles, credentials, security (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Spatial and Graph (Google Guava) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Supply Chain Finance executes to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Supply Chain Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core (Google Guava)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Payments executes to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Payments accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Liquidity Management executes to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (Google Guava)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Digital Experience executes to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Digital Experience accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Credit Facilities Process Management executes to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Credit Facilities Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Core (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Corporate Lending Process Management executes to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Guava)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Corporate Lending executes to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Cash Management executes to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Cash Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Google Guava)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Branch executes to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Branch accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Google Guava)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking APIs executes to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking APIs accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking APIs accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Google Guava)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Enterprise Monitor executes to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Google Guava) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Google Guava)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers (Google Guava)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5-14.7", "P-10722V-15.0.3.1", "P-1807V-19.0.1", "P-13676V-21.1", "P-12605V-19.1", "P-14250V-23.2.1", "P-10770V-9.0.0-9.0.2", "P-5242V-12.2.1.4.0", "P-1807V-14.1.3.2", "P-14324V-14.5-14.7", "P-14123V-23.1.3", "P-12989V-14.0-14.3", "P-13872V-14.5-14.7", "P-14119V-23.1.2", "P-8480V-8.0.35 and prior", "P-1215V-12.2.1.4.0", "P-11052V-9.0.0-9.0.2", "P-10605V-20.12.0-20.12.12", "P-9100V-12.4", "P-9100V-12.3", "P-12605V-18.3", "P-14118V-23.2.1", "P-14277V-23.2.0-23.2.4", "P-1807V-15.0.3.1", "P-5242V-14.1.1.0.0", "P-12605V-21.1", "P-10900V-12.6.0.0", "P-13304V-14.5-14.7", "P-13676V-19.1", "P-13676V-19.2", "P-10722V-19.0.1", "P-13718V-14.5-14.7", "P-13388V-19.0.0.7", "P-14250V-23.1.2", "P-13011V-14.5-14.7", "P-14122V-23.1.3", "P-13676V-22.1", "P-9100V-14.0-14.3", "P-13676V-22.2", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-14118V-23.1.3", "P-13011V-14.0-14.3", "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-12605V-19.2", "P-1807V-16.0.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9100V-14.5-14.7", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-13388V-18.0.0.13", "P-13701V-14.5-14.7", "P-13676V-18.3" ], "known_not_affected": [ "P-2025V-12.2.1.4.0", "P-619V-19.3-19.20", "P-2196V-12.2.1.4.0", "P-619V-21.3-21.11", "P-5(SQLcl)V-21.3-21.11", "P-2025V-7.0.0.0.0", "P-9456V-Prior to 23.2.2", "P-2025V-6.4.0.0.0", "P-14069V-22.4.4 and prior", "P-5(SQLcl)V-19.3-19.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13718V-14.5-14.7", "P-13676V-21.1", "P-12605V-19.1", "P-13011V-14.5-14.7", "P-13676V-22.1", "P-9100V-14.0-14.3", "P-13676V-22.2", "P-14324V-14.5-14.7", "P-13703V-14.5-14.7", "P-12989V-14.0-14.3", "P-13872V-14.5-14.7", "P-13011V-14.0-14.3", "P-9100V-12.4", "P-9100V-12.3", "P-12605V-18.3", "P-12605V-19.2", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9100V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-13304V-14.5-14.7", "P-13676V-19.1", "P-13701V-14.5-14.7", "P-13676V-18.3", "P-13676V-19.2" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-23.1.2", "P-14250V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978796.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.3", "P-14118V-23.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978839.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-5(SQLcl)V-21.3-21.11", "P-9456V-Prior to 23.2.2", "P-14069V-22.4.4 and prior", "P-5(SQLcl)V-19.3-19.20" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-2196V-12.2.1.4.0", "P-1215V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10722V-15.0.3.1", "P-10722V-19.0.1", "P-1807V-19.0.1", "P-1807V-15.0.3.1", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-1807V-14.1.3.2", "P-13388V-18.0.0.13", "P-13388V-19.0.0.7", "P-1807V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10605V-20.12.0-20.12.12" ], "url": "https://support.oracle.com/rs?type=doc&id=2978463.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-23.1.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978842.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-10722V-15.0.3.1", "P-1807V-19.0.1", "P-13676V-21.1", "P-12605V-19.1", "P-14250V-23.2.1", "P-10770V-9.0.0-9.0.2", "P-5242V-12.2.1.4.0", "P-1807V-14.1.3.2", "P-14324V-14.5-14.7", "P-14123V-23.1.3", "P-12989V-14.0-14.3", "P-13872V-14.5-14.7", "P-14119V-23.1.2", "P-8480V-8.0.35 and prior", "P-1215V-12.2.1.4.0", "P-11052V-9.0.0-9.0.2", "P-10605V-20.12.0-20.12.12", "P-9100V-12.4", "P-9100V-12.3", "P-12605V-18.3", "P-14118V-23.2.1", "P-14277V-23.2.0-23.2.4", "P-1807V-15.0.3.1", "P-5242V-14.1.1.0.0", "P-12605V-21.1", "P-10900V-12.6.0.0", "P-13304V-14.5-14.7", "P-13676V-19.1", "P-13676V-19.2", "P-10722V-19.0.1", "P-13718V-14.5-14.7", "P-13388V-19.0.0.7", "P-14250V-23.1.2", "P-13011V-14.5-14.7", "P-14122V-23.1.3", "P-13676V-22.1", "P-9100V-14.0-14.3", "P-13676V-22.2", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-14118V-23.1.3", "P-13011V-14.0-14.3", "P-10605V-19.12.0-19.12.17", "P-10605V-21.12.0-21.12.10", "P-10722V-14.1.3.2", "P-10722V-16.0.3", "P-12605V-19.2", "P-1807V-16.0.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9100V-14.5-14.7", "P-12605V-22.1", "P-12989V-14.5-14.7", "P-13388V-18.0.0.13", "P-13701V-14.5-14.7", "P-13676V-18.3" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0", "P-9456V-Prior to 23.2.2", "P-14069V-22.4.4 and prior" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-5(SQLcl)V-21.3-21.11", "P-5(SQLcl)V-19.3-19.20" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11", "P-5(SQLcl)V-21.3-21.11", "P-9456V-Prior to 23.2.2", "P-14069V-22.4.4 and prior", "P-5(SQLcl)V-19.3-19.20" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-2196V-12.2.1.4.0" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-2025V-12.2.1.4.0", "P-2025V-7.0.0.0.0", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-30535", "ids": [ { "system_name": "Oracle Bug ID of GoldenGate Big Data", "text": "35678626" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "34897678" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jsoup)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the GoldenGate Big Data product of Oracle GoldenGate (component: Application Adapters (Snowflake JDBC)). Supported versions that are affected are 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise GoldenGate Big Data. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of GoldenGate Big Data. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-6.4.0.0.0", "P-5760V-21.3-21.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-21.3-21.10" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-6.4.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5760V-21.3-21.10" ] } ] }, { "cve": "CVE-2023-30585", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35530998" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 17.0.8; Oracle GraalVM Enterprise Edition: 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:17.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ] } ] }, { "cve": "CVE-2023-30588", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35530998" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 17.0.8; Oracle GraalVM Enterprise Edition: 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:17.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ] } ] }, { "cve": "CVE-2023-30589", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35530998" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 17.0.8; Oracle GraalVM Enterprise Edition: 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:17.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ] } ] }, { "cve": "CVE-2023-30590", "ids": [ { "system_name": "Oracle Bug ID of Oracle GraalVM for JDK", "text": "35530998" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Node (Node.js)). The supported version that is affected is Oracle GraalVM for JDK: 17.0.8; Oracle GraalVM Enterprise Edition: 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3", "P-13497V-Oracle GraalVM for JDK:17.0.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978178.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-13497V-Oracle GraalVM for JDK:17.0.8", "P-13497V-Oracle GraalVM Enterprise Edition:22.3.3" ] } ] }, { "cve": "CVE-2023-30861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35450244" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35450227" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (Flask)). The supported version that is affected is 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Operations Monitor accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Flask)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10762V-5.1", "P-2025V-6.4.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=2978837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10762V-5.1", "P-2025V-6.4.0.0.0" ] } ] }, { "cve": "CVE-2023-3090", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-3247", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35564732" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (PHP)). Supported versions that are affected are 6.0.0-6.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.0.0-6.0.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.0.0-6.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2977047.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.0.0-6.0.3" ] } ] }, { "cve": "CVE-2023-33201", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35761781" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35761783" }, { "system_name": "Oracle Bug ID of Oracle Banking APIs", "text": "35761775" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35761787" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "35761776" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35761820" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35761788" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35761777" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35761779" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35761813" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35761814" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35761780" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: General (Bouncy Castle Java Library)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Electronic Data Exchange for Corporates accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (Bouncy Castle Java Library)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Branch accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Bouncy Castle Java Library)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking APIs accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Bouncy Castle Java Library)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Bouncy Castle Java Library)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Origination accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13872V-14.5-14.7", "P-14195V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-11052V-9.0.0-9.0.2", "P-12605V-18.3", "P-12605V-19.2", "P-12605V-19.1", "P-14325V-14.5-14.7", "P-10770V-9.0.0-9.0.2", "P-12605V-22.2", "P-13676V-22.1", "P-13676V-22.2", "P-12605V-21.1", "P-12605V-22.1", "P-14324V-14.5-14.7", "P-13304V-14.5-14.7", "P-13703V-14.5-14.7", "P-13676V-19.1", "P-13676V-18.3", "P-13676V-19.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.5-14.7", "P-14195V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-12605V-18.3", "P-12605V-19.2", "P-12605V-19.1", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-13676V-22.1", "P-13676V-22.2", "P-12605V-21.1", "P-12605V-22.1", "P-14324V-14.5-14.7", "P-13304V-14.5-14.7", "P-13703V-14.5-14.7", "P-13676V-19.1", "P-13676V-18.3", "P-13676V-19.2" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-13872V-14.5-14.7", "P-14195V-14.5-14.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13676V-21.1", "P-11052V-9.0.0-9.0.2", "P-12605V-18.3", "P-12605V-19.2", "P-12605V-19.1", "P-14325V-14.5-14.7", "P-10770V-9.0.0-9.0.2", "P-12605V-22.2", "P-13676V-22.1", "P-13676V-22.2", "P-12605V-21.1", "P-12605V-22.1", "P-14324V-14.5-14.7", "P-13304V-14.5-14.7", "P-13703V-14.5-14.7", "P-13676V-19.1", "P-13676V-18.3", "P-13676V-19.2" ] } ] }, { "cve": "CVE-2023-3390", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-34034", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844143" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35677918" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35821383" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35677948" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35677899" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35677913" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35820722" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Security)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Security)). Supported versions that are affected are 23.1.3 and 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Security)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.1.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14122V-23.1.3", "P-8480V-8.0.35 and prior", "P-14123V-23.3.0", "P-14121V-23.1.0-23.1.7", "P-14123V-23.1.3", "P-14277V-23.2.0-23.2.4", "P-14118V-23.2.1", "P-14118V-23.3.0" ], "known_not_affected": [ "P-13940V-9.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.3.0", "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.3", "P-14118V-23.2.1", "P-14118V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978839.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.1.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14122V-23.1.3", "P-8480V-8.0.35 and prior", "P-14123V-23.3.0", "P-14121V-23.1.0-23.1.7", "P-14123V-23.1.3", "P-14277V-23.2.0-23.2.4", "P-14118V-23.2.1", "P-14118V-23.3.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.6.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.6.0" ] } ] }, { "cve": "CVE-2023-34035", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-13940V-9.1.1.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844143" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35677918" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35677948" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35677913" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Spring Security)). Supported versions that are affected are 23.1.3, 23.2.1 and 23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.1.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4", "P-14118V-23.2.1", "P-14118V-23.3.0" ], "known_not_affected": [ "P-13940V-9.1.1.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.3", "P-14118V-23.2.1", "P-14118V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978839.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.1.3", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4", "P-14118V-23.2.1", "P-14118V-23.3.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13940V-9.1.1.6.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-13940V-9.1.1.6.0" ] } ] }, { "cve": "CVE-2023-34149", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35551745" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35551744" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Struts)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Struts)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-12.6.0.0", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.34 and prior", "P-10900V-12.6.0.0" ] } ] }, { "cve": "CVE-2023-34396", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35551745" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35551744" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Struts)). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Struts)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-12.6.0.0", "P-8480V-8.0.34 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.34 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8480V-8.0.34 and prior", "P-10900V-12.6.0.0" ] } ] }, { "cve": "CVE-2023-3446", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702874" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702876" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35702878" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-8480V-8.0.35 and prior", "P-8576V-8.1.0 and prior" ] } ] }, { "cve": "CVE-2023-34462", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844119" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergent Charging Controller", "text": "35576770" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "35576746" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35576744" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35576742" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35576761" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "35576809" }, { "system_name": "Oracle Bug ID of Oracle Banking Deposits and Lines of Credit Servicing", "text": "35576729" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "35576728" }, { "system_name": "Oracle Bug ID of TimesTen In-Memory Database", "text": "35576803" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "35576726" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "35576769" }, { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Universal Banking", "text": "35576782" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35576781" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "35820831" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "35576735" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35576810" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35576777" }, { "system_name": "Oracle Bug ID of Oracle Banking Electronic Data Exchange for Corporates", "text": "35576732" }, { "system_name": "Oracle Bug ID of Oracle Coherence", "text": "35576754" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "35576776" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Charging and Control", "text": "35576775" }, { "system_name": "Oracle Bug ID of Oracle Banking Digital Experience", "text": "35576730" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Analytics Data Director", "text": "35576774" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "35576714" }, { "system_name": "Oracle Bug ID of Oracle Banking Party Management", "text": "35576736" } ], "notes": [ { "category": "description", "text": "Vulnerability in the TimesTen In-Memory Database product of Oracle TimesTen In-Memory Database (component: EM TimesTen plug-in (Netty)). Supported versions that are affected are Prior to 22.1.1.18.0 and Prior to 18.1.4.39.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of TimesTen In-Memory Database. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Netty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Netty)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Netty)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Cash Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Deposits and Lines of Credit Servicing product of Oracle Financial Services Applications (component: UI (Netty)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Deposits and Lines of Credit Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Deposits and Lines of Credit Servicing. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI (Netty)). Supported versions that are affected are 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Electronic Data Exchange for Corporates product of Oracle Financial Services Applications (component: Reports (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Electronic Data Exchange for Corporates. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Electronic Data Exchange for Corporates. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: UI (Netty)). The supported version that is affected is 2.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party (Netty)). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Netty)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Netty)). The supported version that is affected is 23.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergent Charging Controller. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Analytics Data Director product of Oracle Communications (component: Third Party (Netty)). The supported version that is affected is 23.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Analytics Data Director. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Analytics Data Director. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Netty)). The supported version that is affected is 12.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: HTTPGW (Netty)). Supported versions that are affected are 12.0.0.4-12.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Netty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Netty)). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14195V-14.5-14.7", "P-13928V-2.7", "P-13718V-14.5-14.7", "P-2025V-6.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-13487V-14.5-14.7", "P-1870V-Prior to 18.1.4.39.0", "P-1870V-Prior to 22.1.1.18.0", "P-12605V-19.1", "P-13929V-2.7", "P-12985V-12.0.6.0", "P-14547V-23.2.0", "P-10770V-9.0.0-9.0.2", "P-14122V-23.1.3", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-14123V-23.1.3", "P-13872V-14.5-14.7", "P-2545V-12.2.1.4.0", "P-5085V-8.59", "P-9742V-12.0.0.4-12.0.0.8", "P-14393V-14.5-14.7", "P-12605V-18.3", "P-12605V-19.2", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-4623V-12.0.6.0", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-5085V-8.60", "P-13304V-14.5-14.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-Prior to 18.1.4.39.0", "P-1870V-Prior to 22.1.1.18.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.59", "P-5085V-8.60" ], "url": "https://support.oracle.com/rs?type=doc&id=2978441.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2545V-12.2.1.4.0", "P-1696V-12.2.1.4.0", "P-2545V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978797.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-6.4.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978488.2" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14195V-14.5-14.7", "P-13872V-14.5-14.7", "P-13928V-2.7", "P-13718V-14.5-14.7", "P-14393V-14.5-14.7", "P-13487V-14.5-14.7", "P-12605V-18.3", "P-12605V-19.2", "P-12605V-19.1", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-13703V-14.5-14.7", "P-13304V-14.5-14.7" ], "url": "https://support.oracle.com" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13929V-2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978283.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-23.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=2978841.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4623V-12.0.6.0", "P-12985V-12.0.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977046.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14547V-23.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978845.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-12.0.0.4-12.0.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2977044.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1870V-Prior to 18.1.4.39.0", "P-1870V-Prior to 22.1.1.18.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14195V-14.5-14.7", "P-13928V-2.7", "P-13718V-14.5-14.7", "P-2025V-6.4.0.0.0", "P-1696V-12.2.1.4.0", "P-2545V-14.1.1.0.0", "P-13487V-14.5-14.7", "P-12605V-19.1", "P-13929V-2.7", "P-12985V-12.0.6.0", "P-14547V-23.2.0", "P-10770V-9.0.0-9.0.2", "P-14122V-23.1.3", "P-14121V-23.1.0-23.1.7", "P-13703V-14.5-14.7", "P-14123V-23.1.3", "P-13872V-14.5-14.7", "P-2545V-12.2.1.4.0", "P-5085V-8.59", "P-9742V-12.0.0.4-12.0.0.8", "P-14393V-14.5-14.7", "P-12605V-18.3", "P-12605V-19.2", "P-14277V-23.2.0-23.2.4", "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-4623V-12.0.6.0", "P-14325V-14.5-14.7", "P-12605V-22.2", "P-9052V-14.5-14.7", "P-12605V-21.1", "P-12605V-22.1", "P-5085V-8.60", "P-13304V-14.5-14.7" ] } ] }, { "cve": "CVE-2023-34981", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-11528V-2.5 and prior" ] }, { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14069V-22.4.4 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35627519" }, { "system_name": "Oracle Bug ID of Oracle Agile PLM", "text": "35627504" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35627515" }, { "system_name": "Oracle Bug ID of Graph Server and Client", "text": "35627535" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "35568349" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35533884" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "35627499" }, { "system_name": "Oracle Bug ID of Oracle SD-WAN Edge", "text": "35627543" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "35627532" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.17 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 23.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Management Cloud Engine accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 9.1.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Edge accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Tomcat)). Supported versions that are affected are 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Graph Server and Client product of Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Apache Tomcat)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-5.5.0-5.5.17", "P-14121V-23.2.0-23.2.4", "P-13940V-9.1.1.6.0", "P-4461V-9.3.6", "P-14597V-6.0.0-6.0.2", "P-10899V-8.6.0.0", "P-14252V-23.1.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-14121V-23.1.0-23.1.8" ], "known_not_affected": [ "P-11528V-2.5 and prior", "P-14069V-22.4.4 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11528V-2.5 and prior", "P-14069V-22.4.4 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-5.5.0-5.5.17", "P-14597V-6.0.0-6.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2977047.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-23.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978834.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4461V-9.3.6" ], "url": "https://support.oracle.com/rs?type=doc&id=2978427.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13940V-9.1.1.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978846.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.3", "P-14276V-8.1.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2979139.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.4", "P-14121V-23.1.0-23.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11528V-2.5 and prior", "P-14069V-22.4.4 and prior" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-5.5.0-5.5.17", "P-14121V-23.2.0-23.2.4", "P-13940V-9.1.1.6.0", "P-4461V-9.3.6", "P-14597V-6.0.0-6.0.2", "P-10899V-8.6.0.0", "P-14252V-23.1.0.0", "P-14276V-8.1.2.3", "P-14276V-8.1.2.4", "P-14121V-23.1.0-23.1.8" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-11528V-2.5 and prior" ] }, { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14069V-22.4.4 and prior" ] } ] }, { "cve": "CVE-2023-35001", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-35116", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-12753V-Prior to 12.2.0.1.38" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35571653" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "35624765" }, { "system_name": "Oracle Bug ID of Oracle Global Lifecycle Management OPatch", "text": "35585614" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Database Fleet Patching and Provisioning (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Difficult to exploit vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Fleet Patching and Provisioning (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Fleet Patching and Provisioning (jackson-databind). CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Global Lifecycle Management OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (jackson-databind)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (jackson-databind)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.20", "P-5242V-12.2.1.4.0", "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11", "P-5242V-14.1.1.0.0" ], "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.38" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.20", "P-12753V-Prior to 12.2.0.1.38", "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-19.3-19.20", "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.38" ] }, { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.38" ] } ] }, { "cve": "CVE-2023-35788", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-35887", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35619774" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Data Quality", "text": "35731993" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Database Fleet Patching and Provisioning (Apache Mina SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: General (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9464V-12.2.1.4.0" ], "known_not_affected": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9464V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-9464V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Oracle Database Fleet Patching and Provisioning)V-21.3-21.11" ] } ] }, { "cve": "CVE-2023-3635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844101" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844095" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Okio)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Okio)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-36479", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35880654" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35880655" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] } ] }, { "cve": "CVE-2023-36824", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35654262" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "35654280" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Fraud Detection Monitor (Redis)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install/Upgrade (Redis)). Supported versions that are affected are 23.1.3 and 23.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14118V-23.1.3", "P-10762V-5.1", "P-10762V-5.0", "P-14118V-23.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118V-23.1.3", "P-14118V-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978839.1" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14118V-23.1.3", "P-10762V-5.1", "P-10762V-5.0", "P-14118V-23.3.0" ] } ] }, { "cve": "CVE-2023-3776", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-38039", "ids": [ { "system_name": "Oracle Bug ID of Oracle Spatial and Graph (cURL)", "text": "35598911" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Spatial and Graph (cURL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Spatial and Graph (cURL). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (cURL). CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-619V-19.3-19.20", "P-619V-21.3-21.11" ] } ] }, { "cve": "CVE-2023-3817", "ids": [ { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702874" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "35702876" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35702878" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.1.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8576(Connector/C++)V-8.1.0 and prior", "P-8576(Connector/ODBC)V-8.1.0 and prior", "P-8480V-8.0.35 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8576(Connector/ODBC)V-8.1.0 and prior", "P-8480V-8.0.35 and prior", "P-8576(Connector/C++)V-8.1.0 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-8.1.0 and prior", "P-8480V-8.0.35 and prior", "P-8576(Connector/C++)V-8.1.0 and prior" ] } ] }, { "cve": "CVE-2023-3823", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35743356" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-3824", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35743356" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10899V-9.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-9.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10899V-9.0.0.0" ] } ] }, { "cve": "CVE-2023-38325", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-8478V-8.1.1 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Shell", "text": "35697968" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "35642546" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (Cryptography)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the OML4Py (cryptography) component of Oracle Database Server. Supported versions that are affected are 21.3-21.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise OML4Py (cryptography). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all OML4Py (cryptography) accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(OML4Py)V-21.3-21.11" ], "known_not_affected": [ "P-8478V-8.1.1 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.1.1 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(OML4Py)V-21.3-21.11" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8478V-8.1.1 and prior" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(OML4Py)V-21.3-21.11" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-8478V-8.1.1 and prior" ] } ] }, { "cve": "CVE-2023-38408", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Diameter Signaling Router", "text": "35698100" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35698105" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35698093" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "35698081" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (OpenSSH)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Infrastructure (OpenSSH)). Supported versions that are affected are 5.0 and 5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (OpenSSH)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (OpenSSH)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-10762V-5.1", "P-10762V-5.0", "P-10899V-8.6.0.0", "P-10900V-12.6.0.0", "P-14121V-23.1.0-23.1.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-5.1", "P-10762V-5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978837.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10899V-8.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978843.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-10762V-5.1", "P-10762V-5.0", "P-10899V-8.6.0.0", "P-10900V-12.6.0.0", "P-14121V-23.1.0-23.1.7" ] } ] }, { "cve": "CVE-2023-38545", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35897778" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (curl)). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-38546", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35897778" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (curl)). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8478V-8.0.34 and prior", "P-8478V-5.7.43 and prior", "P-8478V-8.1.0" ] } ] }, { "cve": "CVE-2023-39017", "ids": [ { "system_name": "Oracle Bug ID of Oracle Retail Customer Management and Segmentation Foundation", "text": "35774586" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Operations (Quartz)). Supported versions that are affected are 18.0.0.13 and 19.0.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13388V-18.0.0.13", "P-13388V-19.0.0.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13388V-18.0.0.13", "P-13388V-19.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2975532.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13388V-18.0.0.13", "P-13388V-19.0.0.7" ] } ] }, { "cve": "CVE-2023-39022", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebCenter Portal", "text": "35696626" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Discussion Forums (OSCORE)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1696V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1696V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2978467.2" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1696V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-4004", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844068" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844047" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (Oracle Linux Software Collections)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-40167", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35880654" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35880655" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] } ] }, { "cve": "CVE-2023-4039", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "35844067" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "35844058" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install/Upgrade (GCC Arm Aarch64 binary)). Supported versions that are affected are 23.1.0-23.1.8 and 23.2.0-23.2.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (GCC Arm Aarch64 binary)). Supported versions that are affected are 23.1.0-23.1.7 and 23.2.0-23.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-23.1.0-23.1.8", "P-14277V-23.2.0-23.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=2978840.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-23.2.0-23.2.2", "P-14121V-23.1.0-23.1.7" ], "url": "https://support.oracle.com/rs?type=doc&id=2978795.1" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14121V-23.2.0-23.2.2", "P-14277V-23.1.0-23.1.8", "P-14121V-23.1.0-23.1.7", "P-14277V-23.2.0-23.2.4" ] } ] }, { "cve": "CVE-2023-41080", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-11528V-2.5 and prior" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Enterprise Monitor", "text": "35791402" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35791418" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35791417" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "35791416" }, { "system_name": "Oracle Bug ID of Oracle Big Data Spatial and Graph", "text": "35533884" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Session Report Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data as well as unauthorized read access to a subset of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Element Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Element Manager accessible data as well as unauthorized read access to a subset of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: CMP (Apache Tomcat)). The supported version that is affected is 12.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Policy Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11052V-9.0.0-9.0.2", "P-10900V-12.6.0.0", "P-10770V-9.0.0-9.0.2", "P-8480V-8.0.35 and prior" ], "known_not_affected": [ "P-11528V-2.5 and prior" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11528V-2.5 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8480V-8.0.35 and prior" ], "url": "https://support.oracle.com/rs?type=doc&id=2977667.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-12.6.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=2979749.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-11528V-2.5 and prior" ] }, { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-8480V-8.0.35 and prior", "P-11052V-9.0.0-9.0.2", "P-10900V-12.6.0.0" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-11528V-2.5 and prior" ] } ] }, { "cve": "CVE-2023-41900", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "35880654" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "35880655" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: General (Eclipse Jetty)). Supported versions that are affected are 9.0.0-9.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978836.1" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=2978844.1" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.2", "P-11052V-9.0.0-9.0.2" ] } ] }, { "cve": "CVE-2023-42503", "flags": [ { "date": "2023-10-17T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Global Lifecycle Management OPatch", "text": "35853078" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Global Lifecycle Management OPatch product of Oracle Global Lifecycle Management (component: Patch Installer (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-12753V-Prior to 12.2.0.1.40" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ], "url": "https://support.oracle.com/rs?type=doc&id=2966413.1" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12753V-Prior to 12.2.0.1.40" ] } ], "threats": [ { "category": "impact", "date": "2023-10-17T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-12753V-Prior to 12.2.0.1.40" ] } ] } ] }