{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Oracle. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp" } }, "lang": "en", "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cpuapr2026csaf.json" } ], "title": "Oracle Critical Patch Update Advisory - April 2026 - Oracle CSAF", "tracking": { "current_release_date": "2026-04-21T13:00:00-07:00", "id": "CPUApr2026csaf", "initial_release_date": "2026-04-21T13:00:00-07:00", "revision_history": [ { "date": "2026-04-21T13:00:00-07:00", "number": "1", "summary": "Initial Release." } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Express Version 23.2.20", "product": { "name": "Oracle Application Express Version 23.2.20", "product_id": "P-1348V-23.2.20", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:23.2.20:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 23.2.21", "product": { "name": "Oracle Application Express Version 23.2.21", "product_id": "P-1348V-23.2.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:23.2.21:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.1.15", "product": { "name": "Oracle Application Express Version 24.1.15", "product_id": "P-1348V-24.1.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.1.15:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.1.16", "product": { "name": "Oracle Application Express Version 24.1.16", "product_id": "P-1348V-24.1.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.1.16:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.2.13", "product": { "name": "Oracle Application Express Version 24.2.13", "product_id": "P-1348V-24.2.13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.2.13:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Express Version 24.2.15", "product": { "name": "Oracle Application Express Version 24.2.15", "product_id": "P-1348V-24.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_express:24.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Express" } ], "category": "product_family", "name": "Oracle APEX" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Adapter for Eclipse RDF4J Version 21.1.8", "product": { "name": "Oracle Adapter for Eclipse RDF4J Version 21.1.8", "product_id": "P-14286V-21.1.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:adapter_for_eclipse_rdf4j:21.1.8:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Adapter for Eclipse RDF4J Version 24.1.0", "product": { "name": "Oracle Adapter for Eclipse RDF4J Version 24.1.0", "product_id": "P-14286V-24.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:adapter_for_eclipse_rdf4j:24.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Adapter for Eclipse RDF4J Version 3.12.0", "product": { "name": "Oracle Adapter for Eclipse RDF4J Version 3.12.0", "product_id": "P-14286V-3.12.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:adapter_for_eclipse_rdf4j:3.12.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Adapter for Eclipse RDF4J" } ], "category": "product_family", "name": "Oracle Adapter for Eclipse RDF4J" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle BI Publisher Version 7.6.0.0.0", "product": { "name": "Oracle BI Publisher Version 7.6.0.0.0", "product_id": "P-1479V-7.6.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle BI Publisher Version 8.2.0.0.0", "product": { "name": "Oracle BI Publisher Version 8.2.0.0.0", "product_id": "P-1479V-8.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:bi_publisher:8.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle BI Publisher" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 7.6.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 7.6.0.0.0", "product_id": "P-2025V-7.6.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*" } } }, { "category": "product_version", "name": "Oracle Business Intelligence Enterprise Edition Version 8.2.0.0.0", "product": { "name": "Oracle Business Intelligence Enterprise Edition Version 8.2.0.0.0", "product_id": "P-2025V-8.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_intelligence:8.2.0.0.0:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Intelligence Enterprise Edition" } ], "category": "product_family", "name": "Oracle Analytics" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Autonomous Health Framework Version 25.11", "product": { "name": "Oracle Autonomous Health Framework Version 25.11", "product_id": "P-14634V-25.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.11:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Autonomous Health Framework Version 25.11-26.1", "product": { "name": "Oracle Autonomous Health Framework Version 25.11-26.1", "product_id": "P-14634V-25.11-26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autonomous_health_framework:25.11-26.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Autonomous Health Framework" } ], "category": "product_family", "name": "Oracle Autonomous Health Framework" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Blockchain Platform Version 24.1.3", "product": { "name": "Oracle Blockchain Platform Version 24.1.3", "product_id": "P-13444V-24.1.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:blockchain_platform:24.1.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Blockchain Platform" } ], "category": "product_family", "name": "Oracle Blockchain Platform" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Commerce Guided Search(Content Acquisition System, Endeca Application Controller, Experience Manager) Version 11.4.0", "product": { "name": "Oracle Commerce Guided Search(Content Acquisition System, Endeca Application Controller, Experience Manager) Version 11.4.0", "product_id": "P-9633(Content Acquisition System, Endeca Application Controller, Experience Manager)V-11.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Guided Search(Endeca Application Controller) Version 11.4.0", "product": { "name": "Oracle Commerce Guided Search(Endeca Application Controller) Version 11.4.0", "product_id": "P-9633(Endeca Application Controller)V-11.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Commerce Guided Search(Experience Manager) Version 11.4.0", "product": { "name": "Oracle Commerce Guided Search(Experience Manager) Version 11.4.0", "product_id": "P-9633(Experience Manager)V-11.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Commerce Guided Search" } ], "category": "product_family", "name": "Oracle Commerce" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Management Cloud Engine Version 25.2.0.0.0", "product": { "name": "Management Cloud Engine Version 25.2.0.0.0", "product_id": "P-14252V-25.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:management_cloud_engine:25.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Management Cloud Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.0.0.0-15.0.1.0", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.0.0.0-15.0.1.0", "product_id": "P-9742V-15.0.0.0-15.0.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0-15.0.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.1.0.0-15.2.0.0", "product": { "name": "Oracle Communications BRM - Elastic Charging Engine Version 15.1.0.0-15.2.0.0", "product_id": "P-9742V-15.1.0.0-15.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.1.0.0-15.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications BRM - Elastic Charging Engine" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0-15.0.1.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.0.0.0.0-15.0.1.0.0", "product_id": "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0-15.0.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.1.0.0.0-15.2.0.0.0", "product": { "name": "Oracle Communications Billing and Revenue Management(Platform) Version 15.1.0.0.0-15.2.0.0.0", "product_id": "P-2136(Platform)V-15.1.0.0.0-15.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.1.0.0.0-15.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Billing and Revenue Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Binding Support Function Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Binding Support Function Version 25.1.200", "product_id": "P-14121V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:25.1.200:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Binding Support Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Certificate Management Version 25.1.201", "product": { "name": "Oracle Communications Cloud Native Core Certificate Management Version 25.1.201", "product_id": "P-14868V-25.1.201", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:25.1.201:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Certificate Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Console Version 25.1.201", "product": { "name": "Oracle Communications Cloud Native Core Console Version 25.1.201", "product_id": "P-14250V-25.1.201", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_console:25.1.201:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Console" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core DBTier Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core DBTier Version 25.1.200", "product_id": "P-14974V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core DBTier Version 25.2.100", "product": { "name": "Oracle Communications Cloud Native Core DBTier Version 25.2.100", "product_id": "P-14974V-25.2.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:25.2.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core DBTier" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 24.2.1", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 24.2.1", "product_id": "P-14122V-24.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:24.2.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 24.2.4", "product": { "name": "Oracle Communications Cloud Native Core Network Exposure Function Version 24.2.4", "product_id": "P-14122V-24.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:24.2.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Exposure Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.1.200", "product_id": "P-14125V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.2.200", "product": { "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment Version 25.2.200", "product_id": "P-14125V-25.2.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:25.2.200:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function(Install) Version 25.1.204", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function(Install) Version 25.1.204", "product_id": "P-14118(Install)V-25.1.204", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:25.1.204:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Repository Function(Signaling) Version 25.1.204", "product": { "name": "Oracle Communications Cloud Native Core Network Repository Function(Signaling) Version 25.1.204", "product_id": "P-14118(Signaling)V-25.1.204", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:25.1.204:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Repository Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 25.1.100", "product_id": "P-14130V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:25.1.100:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Network Slice Selection Function Version 25.1.200", "product_id": "P-14130V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:25.1.200:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Network Slice Selection Function" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 25.1.200", "product_id": "P-14277V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 25.1.201", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 25.1.201", "product_id": "P-14277V-25.1.201", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:25.1.201:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Policy Version 25.1.202", "product": { "name": "Oracle Communications Cloud Native Core Policy Version 25.1.202", "product_id": "P-14277V-25.1.202", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:25.1.202:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Policy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.1.200", "product_id": "P-14123V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.1.201", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.1.201", "product_id": "P-14123V-25.1.201", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:25.1.201:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.2.100", "product": { "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy Version 25.2.100", "product_id": "P-14123V-25.2.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:25.2.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.100", "product_id": "P-14117V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.100:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy(Install) Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy(Install) Version 25.1.200", "product_id": "P-14117(Install)V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy(Signaling) Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy(Signaling) Version 25.1.200", "product_id": "P-14117(Signaling)V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.200", "product_id": "P-14117V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.200:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.202", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.1.202", "product_id": "P-14117V-25.1.202", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.1.202:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.2.100", "product": { "name": "Oracle Communications Cloud Native Core Service Communication Proxy Version 25.2.100", "product_id": "P-14117V-25.2.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:25.2.100:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Service Communication Proxy" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.100", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.100", "product_id": "P-14119V-25.1.100", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:25.1.100:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.200", "product": { "name": "Oracle Communications Cloud Native Core Unified Data Repository Version 25.1.200", "product_id": "P-14119V-25.1.200", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:25.1.200:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Cloud Native Core Unified Data Repository" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Convergence Version 3.0.3.4.0", "product": { "name": "Oracle Communications Convergence Version 3.0.3.4.0", "product_id": "P-8501V-3.0.3.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_convergence:3.0.3.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Convergence" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications EAGLE Version 47.0", "product": { "name": "Oracle Communications EAGLE Version 47.0", "product_id": "P-10768V-47.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle:47.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications EAGLE" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications EAGLE Application Processor Version 17.0", "product": { "name": "Oracle Communications EAGLE Application Processor Version 17.0", "product_id": "P-11122V-17.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications EAGLE Application Processor Version 17.0-17.1", "product": { "name": "Oracle Communications EAGLE Application Processor Version 17.0-17.1", "product_id": "P-11122V-17.0-17.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0-17.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications EAGLE Application Processor" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications EAGLE Element Management System Version 47.0.0.1.0", "product": { "name": "Oracle Communications EAGLE Element Management System Version 47.0.0.1.0", "product_id": "P-11125V-47.0.0.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications EAGLE Element Management System" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications EAGLE LNP Application Processor Version 11.0", "product": { "name": "Oracle Communications EAGLE LNP Application Processor Version 11.0", "product_id": "P-11118V-11.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:11.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications EAGLE LNP Application Processor" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Element Manager Version 9.0.0-9.0.4", "product": { "name": "Oracle Communications Element Manager Version 9.0.0-9.0.4", "product_id": "P-11052V-9.0.0-9.0.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_element_manager:9.0.0-9.0.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Element Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Instant Messaging Server Version 10.0.1.8.0", "product": { "name": "Oracle Communications Instant Messaging Server Version 10.0.1.8.0", "product_id": "P-8495V-10.0.1.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.8.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Instant Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications LSMS Version 14.0", "product": { "name": "Oracle Communications LSMS Version 14.0", "product_id": "P-11114V-14.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_lsms:14.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications LSMS" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Messaging Server Version 8.1.0.0.0", "product": { "name": "Oracle Communications Messaging Server Version 8.1.0.0.0", "product_id": "P-8496V-8.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Messaging Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.3.6", "product": { "name": "Oracle Communications Network Integrity Version 7.3.6", "product_id": "P-4491V-7.3.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.4.0", "product": { "name": "Oracle Communications Network Integrity Version 7.4.0", "product_id": "P-4491V-7.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Integrity Version 7.5.0", "product": { "name": "Oracle Communications Network Integrity Version 7.5.0", "product_id": "P-4491V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:7.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Network Integrity Version 8.0.0", "product": { "name": "Oracle Communications Network Integrity Version 8.0.0", "product_id": "P-4491V-8.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_network_integrity:8.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Network Integrity" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Offline Mediation Controller Version 15.0.0.0.0-15.0.1.0.0", "product": { "name": "Oracle Communications Offline Mediation Controller Version 15.0.0.0.0-15.0.1.0.0", "product_id": "P-2269V-15.0.0.0.0-15.0.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0.0-15.0.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Offline Mediation Controller Version 15.1.0.0.0-15.2.0.0.0", "product": { "name": "Oracle Communications Offline Mediation Controller Version 15.1.0.0.0-15.2.0.0.0", "product_id": "P-2269V-15.1.0.0.0-15.2.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.1.0.0.0-15.2.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Offline Mediation Controller" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 5.2", "product": { "name": "Oracle Communications Operations Monitor Version 5.2", "product_id": "P-10761V-5.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 6.0", "product": { "name": "Oracle Communications Operations Monitor Version 6.0", "product_id": "P-10761V-6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Operations Monitor Version 6.1", "product": { "name": "Oracle Communications Operations Monitor Version 6.1", "product_id": "P-10761V-6.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_operations_monitor:6.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Operations Monitor" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 7.5.0", "product": { "name": "Oracle Communications Order and Service Management Version 7.5.0", "product_id": "P-2270V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Order and Service Management Version 8.0.0", "product": { "name": "Oracle Communications Order and Service Management Version 8.0.0", "product_id": "P-2270V-8.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_order_and_service_management:8.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Order and Service Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Performance Intelligence Center Version 10.5.0.0-10.5.0.2", "product": { "name": "Oracle Communications Performance Intelligence Center Version 10.5.0.0-10.5.0.2", "product_id": "P-11044V-10.5.0.0-10.5.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.5.0.0-10.5.0.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Performance Intelligence Center" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product": { "name": "Oracle Communications Policy Management Version 15.0.0.0.0", "product_id": "P-10900V-15.0.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Policy Management Version 15.0.0.1.0", "product": { "name": "Oracle Communications Policy Management Version 15.0.0.1.0", "product_id": "P-10900V-15.0.0.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_policy_management:15.0.0.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Policy Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.0.0.6.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.0.0.6.0", "product_id": "P-2283V-8.0.0.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.1.0.5.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.1.0.5.0", "product_id": "P-2283V-8.1.0.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Service Catalog and Design Version 8.2.0.2.0", "product": { "name": "Oracle Communications Service Catalog and Design Version 8.2.0.2.0", "product_id": "P-2283V-8.2.0.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.2.0.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Service Catalog and Design" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 10.0.0", "product": { "name": "Oracle Communications Session Border Controller Version 10.0.0", "product_id": "P-10750V-10.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:10.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 10.1.0", "product": { "name": "Oracle Communications Session Border Controller Version 10.1.0", "product_id": "P-10750V-10.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:10.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Session Border Controller Version 9.3.0", "product": { "name": "Oracle Communications Session Border Controller Version 9.3.0", "product_id": "P-10750V-9.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Session Border Controller" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.4", "product": { "name": "Oracle Communications Session Report Manager Version 9.0.0-9.0.4", "product_id": "P-10770V-9.0.0-9.0.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0-9.0.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Session Report Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Unified Assurance Version 6.1.1", "product": { "name": "Oracle Communications Unified Assurance Version 6.1.1", "product_id": "P-14597V-6.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.1.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Unified Assurance Version 6.1.1-7.0.0", "product": { "name": "Oracle Communications Unified Assurance Version 6.1.1-7.0.0", "product_id": "P-14597V-6.1.1-7.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:6.1.1-7.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Assurance Version 7.0.0", "product": { "name": "Oracle Communications Unified Assurance Version 7.0.0", "product_id": "P-14597V-7.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_assurance:7.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Unified Assurance" }, { "branches": [ { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0", "product_id": "P-4516V-7.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.5.0-7.5.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.0-7.5.1", "product_id": "P-4516V-7.5.0-7.5.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0-7.5.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.5.1", "product_id": "P-4516V-7.5.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.6.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.6.0", "product_id": "P-4516V-7.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Communications Unified Inventory Management Version 7.6.0-7.8.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.6.0-7.8.0", "product_id": "P-4516V-7.6.0-7.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.6.0-7.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.7.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.7.0", "product_id": "P-4516V-7.7.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.7.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 7.8.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 7.8.0", "product_id": "P-4516V-7.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.8.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Communications Unified Inventory Management Version 8.0.0", "product": { "name": "Oracle Communications Unified Inventory Management Version 8.0.0", "product_id": "P-4516V-8.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:communications_unified_inventory_management:8.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Communications Unified Inventory Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 4.2.0", "product": { "name": "Oracle Enterprise Communications Broker Version 4.2.0", "product_id": "P-10758V-4.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:4.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Communications Broker Version 5.0.0", "product": { "name": "Oracle Enterprise Communications Broker Version 5.0.0", "product_id": "P-10758V-5.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_communications_broker:5.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Communications Broker" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Operations Monitor Version 6.1.0.0.0", "product": { "name": "Oracle Enterprise Operations Monitor Version 6.1.0.0.0", "product_id": "P-10762V-6.1.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_operations_monitor:6.1.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Operations Monitor" } ], "category": "product_family", "name": "Oracle Communications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0.0-21.12.21.6", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 21.12.0.0-21.12.21.6", "product_id": "P-5579V-21.12.0.0-21.12.21.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0-21.12.21.6:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0.0-22.12.21.1", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 22.12.0.0-22.12.21.1", "product_id": "P-5579V-22.12.0.0-22.12.21.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:22.12.0.0-22.12.21.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0.0-23.12.18.0", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 23.12.0.0-23.12.18.0", "product_id": "P-5579V-23.12.0.0-23.12.18.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:23.12.0.0-23.12.18.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 24.12.0.0-24.12.13.0", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 24.12.0.0-24.12.13.0", "product_id": "P-5579V-24.12.0.0-24.12.13.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:24.12.0.0-24.12.13.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Primavera P6 Enterprise Project Portfolio Management Version 25.12.0.0", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 25.12.0.0", "product_id": "P-5579V-25.12.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:25.12.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera P6 Enterprise Project Portfolio Management Version 25.12.0.0-25.12.2.0", "product": { "name": "Primavera P6 Enterprise Project Portfolio Management Version 25.12.0.0-25.12.2.0", "product_id": "P-5579V-25.12.0.0-25.12.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:25.12.0.0-25.12.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Primavera P6 Enterprise Project Portfolio Management" }, { "branches": [ { "category": "product_version_range", "name": "Primavera Unifier Version 21.12.0-21.12.17", "product": { "name": "Primavera Unifier Version 21.12.0-21.12.17", "product_id": "P-10354V-21.12.0-21.12.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:21.12.0-21.12.17:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 22.12.0-22.12.15", "product": { "name": "Primavera Unifier Version 22.12.0-22.12.15", "product_id": "P-10354V-22.12.0-22.12.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:22.12.0-22.12.15:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 23.12.0-23.12.16", "product": { "name": "Primavera Unifier Version 23.12.0-23.12.16", "product_id": "P-10354V-23.12.0-23.12.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:23.12.0-23.12.16:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 24.12.0-24.12.13", "product": { "name": "Primavera Unifier Version 24.12.0-24.12.13", "product_id": "P-10354V-24.12.0-24.12.13", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:24.12.0-24.12.13:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Primavera Unifier Version 25.12.0-25.12.3", "product": { "name": "Primavera Unifier Version 25.12.0-25.12.3", "product_id": "P-10354V-25.12.0-25.12.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:primavera_unifier:25.12.0-25.12.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Primavera Unifier" } ], "category": "product_family", "name": "Oracle Construction and Engineering" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Database Server(Java VM) Version 12.1.0.2.0", "product": { "name": "Oracle Database Server(Java VM) Version 12.1.0.2.0", "product_id": "P-5(Java VM)V-12.1.0.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:12.1.0.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Database Server(Java VM) Version 12.2.0.1.0", "product": { "name": "Oracle Database Server(Java VM) Version 12.2.0.1.0", "product_id": "P-5(Java VM)V-12.2.0.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:12.2.0.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Clusterware) Version 19.3-19.30", "product": { "name": "Oracle Database Server(Clusterware) Version 19.3-19.30", "product_id": "P-5(Clusterware)V-19.3-19.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_clusterware:19.3-19.30:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Data Mining) Version 19.3-19.30", "product": { "name": "Oracle Database Server(Data Mining) Version 19.3-19.30", "product_id": "P-5(Data Mining)V-19.3-19.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.30:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 19.3-19.30", "product": { "name": "Oracle Database Server(Java VM) Version 19.3-19.30", "product_id": "P-5(Java VM)V-19.3-19.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.30:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS) Version 19.3-19.30", "product": { "name": "Oracle Database Server(RDBMS) Version 19.3-19.30", "product_id": "P-5(RDBMS)V-19.3-19.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms:19.3-19.30:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 19.3-19.30", "product": { "name": "Oracle Database Server(SQLcl) Version 19.3-19.30", "product_id": "P-5(SQLcl)V-19.3-19.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_sqlcl:19.3-19.30:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Data Mining) Version 21.3-21.21", "product": { "name": "Oracle Database Server(Data Mining) Version 21.3-21.21", "product_id": "P-5(Data Mining)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Database) Version 21.3-21.21", "product": { "name": "Oracle Database Server(Database) Version 21.3-21.21", "product_id": "P-5(Database)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_database:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 21.3-21.21", "product": { "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 21.3-21.21", "product_id": "P-5(GraalVM Multilingual Engine)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Java VM) Version 21.3-21.21", "product": { "name": "Oracle Database Server(Java VM) Version 21.3-21.21", "product_id": "P-5(Java VM)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS) Version 21.3-21.21", "product": { "name": "Oracle Database Server(RDBMS) Version 21.3-21.21", "product_id": "P-5(RDBMS)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 21.3-21.21", "product": { "name": "Oracle Database Server(SQLcl) Version 21.3-21.21", "product_id": "P-5(SQLcl)V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_sqlcl:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Clusterware) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(Clusterware) Version 23.4.0-23.26.1", "product_id": "P-5(Clusterware)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_clusterware:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Data Mining) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(Data Mining) Version 23.4.0-23.26.1", "product_id": "P-5(Data Mining)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_data_mining:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(GraalVM Multilingual Engine) Version 23.4.0-23.26.1", "product_id": "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(RDBMS) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(RDBMS) Version 23.4.0-23.26.1", "product_id": "P-5(RDBMS)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_rdbms:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(SQLcl) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(SQLcl) Version 23.4.0-23.26.1", "product_id": "P-5(SQLcl)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_sqlcl:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(XML Database) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(XML Database) Version 23.4.0-23.26.1", "product_id": "P-5(XML Database)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_xml_database:23.4.0-23.26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Database Server(Spatial and Graph) Version 23.4.0-23.26.1", "product": { "name": "Oracle Database Server(Spatial and Graph) Version 23.4.0-23.26.1", "product_id": "P-619(Spatial and Graph)V-23.4.0-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_-_spatial_and_graph:23.4.0-23.26.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Database Server" } ], "category": "product_family", "name": "Oracle Database Server" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Advanced Inbound Telephony Version 12.2.3-12.2.15", "product": { "name": "Oracle Advanced Inbound Telephony Version 12.2.3-12.2.15", "product_id": "P-265V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:advanced_inbound_telephony:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Advanced Inbound Telephony" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Advanced Supply Chain Planning Version 12.2.3-12.2.15", "product": { "name": "Oracle Advanced Supply Chain Planning Version 12.2.3-12.2.15", "product_id": "P-719V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Advanced Supply Chain Planning" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications DBA Version 12.2.3-12.2.15", "product": { "name": "Oracle Applications DBA Version 12.2.3-12.2.15", "product_id": "P-166V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:applications_dba:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Applications DBA" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Applications Framework Version 12.2.9-12.2.15", "product": { "name": "Oracle Applications Framework Version 12.2.9-12.2.15", "product_id": "P-1472V-12.2.9-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:applications_framework:12.2.9-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Applications Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Configurator Version 12.2.3-12.2.15", "product": { "name": "Oracle Configurator Version 12.2.3-12.2.15", "product_id": "P-31V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:configurator:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Configurator" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Command Center Framework Version 15.0", "product": { "name": "Oracle Enterprise Command Center Framework Version 15.0", "product_id": "P-13788V-15.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_command_center_framework:15.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Command Center Framework" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Flow Manufacturing Version 12.2.3-12.2.15", "product": { "name": "Oracle Flow Manufacturing Version 12.2.3-12.2.15", "product_id": "P-300V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:flow_manufacturing:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Flow Manufacturing" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Global Order Promising Version 12.2.3-12.2.15", "product": { "name": "Oracle Global Order Promising Version 12.2.3-12.2.15", "product_id": "P-729V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:global_order_promising:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Global Order Promising" }, { "branches": [ { "category": "product_version_range", "name": "Oracle HCM Common Architecture Version 12.2.3-12.2.15", "product": { "name": "Oracle HCM Common Architecture Version 12.2.3-12.2.15", "product_id": "P-2021V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hcm_common_architecture:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle HCM Common Architecture" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Rapid Planning Version 12.2.3-12.2.15", "product": { "name": "Oracle Rapid Planning Version 12.2.3-12.2.15", "product_id": "P-5235V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rapid_planning:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Rapid Planning" }, { "branches": [ { "category": "product_version_range", "name": "Oracle User Management Version 12.2.7-12.2.15", "product": { "name": "Oracle User Management Version 12.2.7-12.2.15", "product_id": "P-1475V-12.2.7-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:user_management:12.2.7-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle User Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Workflow Version 12.2.3-12.2.15", "product": { "name": "Oracle Workflow Version 12.2.3-12.2.15", "product_id": "P-174V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:workflow:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Workflow" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Yard Management Version 12.2.4-12.2.15", "product": { "name": "Oracle Yard Management Version 12.2.4-12.2.15", "product_id": "P-10485V-12.2.4-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:yard_management:12.2.4-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Yard Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle iProcurement Version 12.2.3-12.2.15", "product": { "name": "Oracle iProcurement Version 12.2.3-12.2.15", "product_id": "P-398V-12.2.3-12.2.15", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:iprocurement:12.2.3-12.2.15:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle iProcurement" } ], "category": "product_family", "name": "Oracle E-Business Suite" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Application Testing Suite Version 13.3.0.1", "product": { "name": "Oracle Application Testing Suite Version 13.3.0.1", "product_id": "P-4622V-13.3.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Testing Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Configuration Manager Version 13.5", "product": { "name": "Oracle Configuration Manager Version 13.5", "product_id": "P-1967V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:configuration_manager:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Configuration Manager Version 24.1", "product": { "name": "Oracle Configuration Manager Version 24.1", "product_id": "P-1967V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:configuration_manager:24.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Configuration Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 13.5", "product": { "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 13.5", "product_id": "P-1370(Agent Next Gen)V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Enterprise Manager Install) Version 13.5", "product": { "name": "Oracle Enterprise Manager Base Platform(Enterprise Manager Install) Version 13.5", "product_id": "P-1370(Enterprise Manager Install)V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Oracle Management Service) Version 13.5", "product": { "name": "Oracle Enterprise Manager Base Platform(Oracle Management Service) Version 13.5", "product_id": "P-1370(Oracle Management Service)V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 13.5", "product": { "name": "Oracle Enterprise Manager Base Platform Version 13.5", "product_id": "P-1370V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 24.1", "product": { "name": "Oracle Enterprise Manager Base Platform(Agent Next Gen) Version 24.1", "product_id": "P-1370(Agent Next Gen)V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Enterprise Manager Install) Version 24.1", "product": { "name": "Oracle Enterprise Manager Base Platform(Enterprise Manager Install) Version 24.1", "product_id": "P-1370(Enterprise Manager Install)V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform(Oracle Management Service) Version 24.1", "product": { "name": "Oracle Enterprise Manager Base Platform(Oracle Management Service) Version 24.1", "product_id": "P-1370(Oracle Management Service)V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager Base Platform Version 24.1", "product": { "name": "Oracle Enterprise Manager Base Platform Version 24.1", "product_id": "P-1370V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Manager Base Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Enterprise Manager for Fusion Middleware(Infrastructure Management) Version 13.5", "product": { "name": "Oracle Enterprise Manager for Fusion Middleware(Infrastructure Management) Version 13.5", "product_id": "P-1369(Infrastructure Management)V-13.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Enterprise Manager for Fusion Middleware(Infrastructure Management) Version 24.1", "product": { "name": "Oracle Enterprise Manager for Fusion Middleware(Infrastructure Management) Version 24.1", "product_id": "P-1369(Infrastructure Management)V-24.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:24.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Enterprise Manager for Fusion Middleware" } ], "category": "product_family", "name": "Oracle Enterprise Manager" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Essbase Version 21.8.1.0.0", "product": { "name": "Oracle Essbase Version 21.8.1.0.0", "product_id": "P-4379V-21.8.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:essbase:21.8.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Essbase" } ], "category": "product_family", "name": "Oracle Essbase" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Branch Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Branch Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-14324V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_branch:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Branch" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Cash Management Version 14.8.2.0.0", "product": { "name": "Oracle Banking Cash Management Version 14.8.2.0.0", "product_id": "P-14195V-14.8.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_cash_management:14.8.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Cash Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Collections and Recovery Version 14.6.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Collections and Recovery Version 14.6.0.0.0-14.8.0.0.0", "product_id": "P-14742V-14.6.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_collections_and_recovery:14.6.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Collections and Recovery" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Corporate Lending Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-12989V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_corporate_lending:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Corporate Lending Process Management Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13701V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Corporate Lending Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Credit Facilities Process Management Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Credit Facilities Process Management Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13703V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Credit Facilities Process Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.8.0.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.8.0.0.0", "product_id": "P-13304V-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking Liquidity Management Version 14.8.1.0.0", "product": { "name": "Oracle Banking Liquidity Management Version 14.8.1.0.0", "product_id": "P-13304V-14.8.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_liquidity_management:14.8.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Liquidity Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-14325V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Origination Version 14.6.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Origination Version 14.6.0.0.0-14.8.0.0.0", "product_id": "P-14325V-14.6.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_origination:14.6.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Origination" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Payments Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Payments Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13011V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_payments:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Payments" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Supply Chain Finance Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Supply Chain Finance Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13872V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Supply Chain Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Trade Finance Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-14134V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_trade_finance:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Trade Finance" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Trade Finance Process Management Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Trade Finance Process Management Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13718V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Trade Finance Process Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Common Core) Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13487(Common Core)V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management(Core) Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Core) Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13487(Core)V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management(Platform) Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management(Platform) Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Banking Virtual Account Management Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-13487V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Banking Virtual Account Management Version 14.5.0.15.0", "product": { "name": "Oracle Banking Virtual Account Management Version 14.5.0.15.0", "product_id": "P-13487V-14.5.0.15.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0.15.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Banking Virtual Account Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Documaker Version 12.7.2-13.0.2", "product": { "name": "Oracle Documaker Version 12.7.2-13.0.2", "product_id": "P-5477V-12.7.2-13.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:documaker:12.7.2-13.0.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Documaker" }, { "branches": [ { "category": "product_version_range", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5.0.0.0-14.8.0.0.0", "product": { "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management Version 14.5.0.0.0-14.8.0.0.0", "product_id": "P-9100V-14.5.0.0.0-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:flexcube_enterprise_limits_and_collateral_management:14.5.0.0.0-14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle FLEXCUBE Enterprise Limits and Collateral Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7.9", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.7.9", "product_id": "P-5680V-8.0.7.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8.7", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.0.8.7", "product_id": "P-5680V-8.0.8.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.5", "product": { "name": "Oracle Financial Services Analytical Applications Infrastructure Version 8.1.2.5", "product_id": "P-5680V-8.1.2.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Analytical Applications Infrastructure" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.0.8.1", "product_id": "P-9190V-8.0.8.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.10", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.10", "product_id": "P-9190V-8.1.2.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.11", "product": { "name": "Oracle Financial Services Behavior Detection Platform Version 8.1.2.11", "product_id": "P-9190V-8.1.2.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Behavior Detection Platform" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Compliance Studio Version 8.1.2.9", "product": { "name": "Oracle Financial Services Compliance Studio Version 8.1.2.9", "product_id": "P-14392V-8.1.2.9", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.9:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Compliance Studio" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Customer Screening Version 8.1.2.8.0", "product": { "name": "Oracle Financial Services Customer Screening Version 8.1.2.8.0", "product_id": "P-13212V-8.1.2.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_customer_screening:8.1.2.8.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Customer Screening" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.0.8.2", "product_id": "P-13545V-8.0.8.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.10", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.10", "product_id": "P-13545V-8.1.2.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.11", "product": { "name": "Oracle Financial Services Enterprise Case Management Version 8.1.2.11", "product_id": "P-13545V-8.1.2.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Enterprise Case Management" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Financial Services Lending and Leasing Version 14.10.0.0.0-14.12.0.0.0", "product": { "name": "Oracle Financial Services Lending and Leasing Version 14.10.0.0.0-14.12.0.0.0", "product_id": "P-10484V-14.10.0.0.0-14.12.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.10.0.0.0-14.12.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Lending and Leasing Version 14.8.0.0.0", "product": { "name": "Oracle Financial Services Lending and Leasing Version 14.8.0.0.0", "product_id": "P-10484V-14.8.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:14.8.0.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Lending and Leasing" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.7", "product": { "name": "Oracle Financial Services Model Management and Governance Version 8.1.2.7", "product_id": "P-14276V-8.1.2.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Model Management and Governance" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Regulatory Reporting Version 8.1.2.10", "product": { "name": "Oracle Financial Services Regulatory Reporting Version 8.1.2.10", "product_id": "P-9142V-8.1.2.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Financial Services Regulatory Reporting Version 8.1.2.11", "product": { "name": "Oracle Financial Services Regulatory Reporting Version 8.1.2.11", "product_id": "P-9142V-8.1.2.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Regulatory Reporting" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product": { "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Version 8.0.8", "product_id": "P-13789V-8.0.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition" }, { "branches": [ { "category": "product_version", "name": "Oracle Financial Services Transaction Filtering Version 8.1.2.8.0", "product": { "name": "Oracle Financial Services Transaction Filtering Version 8.1.2.8.0", "product_id": "P-13311V-8.1.2.8.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:financial_services_transaction_filtering:8.1.2.8.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Financial Services Transaction Filtering" }, { "branches": [ { "category": "product_version", "name": "Oracle Insurance Policy Administration J2EE Version 11.3.1.0", "product": { "name": "Oracle Insurance Policy Administration J2EE Version 11.3.1.0", "product_id": "P-5279V-11.3.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.3.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Insurance Policy Administration J2EE Version 11.3.2.0", "product": { "name": "Oracle Insurance Policy Administration J2EE Version 11.3.2.0", "product_id": "P-5279V-11.3.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.3.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Insurance Policy Administration J2EE Version 12.0.5.0", "product": { "name": "Oracle Insurance Policy Administration J2EE Version 12.0.5.0", "product_id": "P-5279V-12.0.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:12.0.5.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Insurance Policy Administration J2EE Version 12.1.1.0", "product": { "name": "Oracle Insurance Policy Administration J2EE Version 12.1.1.0", "product_id": "P-5279V-12.1.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:12.1.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Insurance Policy Administration J2EE" }, { "branches": [ { "category": "product_version", "name": "Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Version 1.0.2.1", "product": { "name": "Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Version 1.0.2.1", "product_id": "P-13339V-1.0.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:insurance_policy_administration_operational_data_store_for_life_and_annuity:1.0.2.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Insurance Policy Administration Operational Data Store for Life and Annuity" } ], "category": "product_family", "name": "Oracle Financial Services Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Access Manager Version 14.1.2.0.0", "product": { "name": "Oracle Access Manager Version 14.1.2.0.0", "product_id": "P-5565V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:access_manager:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Access Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Application Development Framework (ADF) Version 12.2.1.4.0", "product": { "name": "Oracle Application Development Framework (ADF) Version 12.2.1.4.0", "product_id": "P-807V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_development_framework:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Application Development Framework (ADF) Version 14.1.2.0.0", "product": { "name": "Oracle Application Development Framework (ADF) Version 14.1.2.0.0", "product_id": "P-807V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:application_development_framework:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Application Development Framework (ADF)" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Activity Monitoring Version 12.2.1.4.0", "product": { "name": "Oracle Business Activity Monitoring Version 12.2.1.4.0", "product_id": "P-1675V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Activity Monitoring" }, { "branches": [ { "category": "product_version", "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product": { "name": "Oracle Business Process Management Suite Version 12.2.1.4.0", "product_id": "P-5325V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Business Process Management Suite Version 14.1.2.0.0", "product": { "name": "Oracle Business Process Management Suite Version 14.1.2.0.0", "product_id": "P-5325V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Business Process Management Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Data Integrator Version 12.2.1.4.0", "product": { "name": "Oracle Data Integrator Version 12.2.1.4.0", "product_id": "P-2196V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Data Integrator Version 14.1.2.0.0", "product": { "name": "Oracle Data Integrator Version 14.1.2.0.0", "product_id": "P-2196V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:data_integrator:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Data Integrator" }, { "branches": [ { "category": "product_version", "name": "Oracle Fusion Middleware Version 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware Version 12.2.1.4.0", "product_id": "P-1032V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Fusion Middleware Version 14.1.2.0.0", "product": { "name": "Oracle Fusion Middleware Version 14.1.2.0.0", "product_id": "P-1032V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:fusion_middleware:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Fusion Middleware" }, { "branches": [ { "category": "product_version", "name": "Oracle HTTP Server(Core) Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server(Core) Version 12.2.1.4.0", "product_id": "P-1042(Core)V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(ModSecurity) Version 12.2.1.4.0", "product": { "name": "Oracle HTTP Server(ModSecurity) Version 12.2.1.4.0", "product_id": "P-1042(ModSecurity)V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(Core) Version 14.1.2.0.0", "product": { "name": "Oracle HTTP Server(Core) Version 14.1.2.0.0", "product_id": "P-1042(Core)V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle HTTP Server(ModSecurity) Version 14.1.2.0.0", "product": { "name": "Oracle HTTP Server(ModSecurity) Version 14.1.2.0.0", "product_id": "P-1042(ModSecurity)V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle HTTP Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Version 12.2.1.4.0", "product_id": "P-1980V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Identity Manager Version 14.1.2.0.0", "product": { "name": "Oracle Identity Manager Version 14.1.2.0.0", "product_id": "P-1980V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:identity_manager:14.1.2.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Identity Manager Version 14.1.2.1.0", "product": { "name": "Oracle Identity Manager Version 14.1.2.1.0", "product_id": "P-1980V-14.1.2.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Identity Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle Identity Manager Connector Version 12.2.1.4.0", "product": { "name": "Oracle Identity Manager Connector Version 12.2.1.4.0", "product_id": "P-1999V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:identity_manager_connector:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Identity Manager Connector" }, { "branches": [ { "category": "product_version", "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product": { "name": "Oracle Managed File Transfer Version 12.2.1.4.0", "product_id": "P-10198V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Managed File Transfer Version 14.1.2.0.0", "product": { "name": "Oracle Managed File Transfer Version 14.1.2.0.0", "product_id": "P-10198V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Managed File Transfer" }, { "branches": [ { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 12.2.1.4.0", "product_id": "P-4647V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Middleware Common Libraries and Tools Version 14.1.2.0.0", "product": { "name": "Oracle Middleware Common Libraries and Tools Version 14.1.2.0.0", "product_id": "P-4647V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Middleware Common Libraries and Tools" }, { "branches": [ { "category": "product_version", "name": "Oracle Outside In Technology Version 8.5.8", "product": { "name": "Oracle Outside In Technology Version 8.5.8", "product_id": "P-2276V-8.5.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.8:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Outside In Technology" }, { "branches": [ { "category": "product_version", "name": "Oracle SOA Suite Version 12.2.1.4.0", "product": { "name": "Oracle SOA Suite Version 12.2.1.4.0", "product_id": "P-1162V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle SOA Suite Version 14.1.2.0.0", "product": { "name": "Oracle SOA Suite Version 14.1.2.0.0", "product_id": "P-1162V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle SOA Suite" }, { "branches": [ { "category": "product_version", "name": "Oracle Security Service Version 12.1.3.0.0", "product": { "name": "Oracle Security Service Version 12.1.3.0.0", "product_id": "P-991V-12.1.3.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Security Service Version 12.2.1.4.0", "product": { "name": "Oracle Security Service Version 12.2.1.4.0", "product_id": "P-991V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Security Service" }, { "branches": [ { "category": "product_version", "name": "Oracle Tuxedo Version 22.1.0", "product": { "name": "Oracle Tuxedo Version 22.1.0", "product_id": "P-5433V-22.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:tuxedo:22.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Tuxedo Version 22.1.1", "product": { "name": "Oracle Tuxedo Version 22.1.1", "product_id": "P-5433V-22.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:tuxedo:22.1.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Tuxedo" }, { "branches": [ { "category": "product_version", "name": "Oracle Web Services Manager Version 12.2.1.4.0", "product": { "name": "Oracle Web Services Manager Version 12.2.1.4.0", "product_id": "P-1775V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:web_services_manager:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Web Services Manager Version 14.1.2.0.0", "product": { "name": "Oracle Web Services Manager Version 14.1.2.0.0", "product_id": "P-1775V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:web_services_manager:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Web Services Manager" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Forms Recognition Version 14.1.1.0.0", "product": { "name": "Oracle WebCenter Forms Recognition Version 14.1.1.0.0", "product_id": "P-5746V-14.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebCenter Forms Recognition" }, { "branches": [ { "category": "product_version", "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product": { "name": "Oracle WebCenter Sites Version 12.2.1.4.0", "product_id": "P-9617V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle WebCenter Sites Version 14.1.2.0.0", "product": { "name": "Oracle WebCenter Sites Version 14.1.2.0.0", "product_id": "P-9617V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:webcenter_sites:14.1.2.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebCenter Sites" }, { "branches": [ { "category": "product_version", "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product": { "name": "Oracle WebLogic Server Version 12.2.1.4.0", "product_id": "P-5242V-12.2.1.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.1.0.0", "product_id": "P-5242V-14.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 14.1.2.0.0", "product": { "name": "Oracle WebLogic Server Version 14.1.2.0.0", "product_id": "P-5242V-14.1.2.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle WebLogic Server Version 15.1.1.0.0", "product": { "name": "Oracle WebLogic Server Version 15.1.1.0.0", "product_id": "P-5242V-15.1.1.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:weblogic_server:15.1.1.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle WebLogic Server" } ], "category": "product_family", "name": "Oracle Fusion Middleware" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Global Lifecycle Management OPatchAuto Version 12.2.0.1.16-12.2.0.1.49", "product": { "name": "Oracle Global Lifecycle Management OPatchAuto Version 12.2.0.1.16-12.2.0.1.49", "product_id": "P-12752V-12.2.0.1.16-12.2.0.1.49", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:12.2.0.1.16-12.2.0.1.49:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Global Lifecycle Management OPatchAuto" } ], "category": "product_family", "name": "Oracle Global Lifecycle Management" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Version 23.4-23.10", "product": { "name": "Oracle GoldenGate Version 23.4-23.10", "product_id": "P-5757V-23.4-23.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.10:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Version 23.4-23.26.1", "product": { "name": "Oracle GoldenGate Version 23.4-23.26.1", "product_id": "P-5757V-23.4-23.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.26.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GoldenGate" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters Version 19.1.0.0.0-19.1.0.0.21", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters Version 19.1.0.0.0-19.1.0.0.21", "product_id": "P-5760V-19.1.0.0.0-19.1.0.0.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters(Java Delivery) Version 21.3-21.20", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters(Java Delivery) Version 21.3-21.20", "product_id": "P-5760(Java Delivery)V-21.3-21.20", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.20:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters Version 21.3-21.20", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters Version 21.3-21.20", "product_id": "P-5760V-21.3-21.20", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.20:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters Version 21.3-21.21", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters Version 21.3-21.21", "product_id": "P-5760V-21.3-21.21", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.21:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters(AWS SDK) Version 23.4-23.10", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters(AWS SDK) Version 23.4-23.10", "product_id": "P-5760(AWS SDK)V-23.4-23.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.10:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters(Java Delivery) Version 23.4-23.10", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters(Java Delivery) Version 23.4-23.10", "product_id": "P-5760(Java Delivery)V-23.4-23.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.10:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle GoldenGate Big Data and Application Adapters Version 23.4-23.10", "product": { "name": "Oracle GoldenGate Big Data and Application Adapters Version 23.4-23.10", "product_id": "P-5760V-23.4-23.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.10:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GoldenGate Big Data and Application Adapters" }, { "branches": [ { "category": "product_version_range", "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.14", "product": { "name": "Oracle GoldenGate Stream Analytics Version 19.1.0.0.0-19.1.0.0.14", "product_id": "P-14015V-19.1.0.0.0-19.1.0.0.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GoldenGate Stream Analytics" } ], "category": "product_family", "name": "Oracle GoldenGate" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Graph Server and Client Version 24.4.5", "product": { "name": "Oracle Graph Server and Client Version 24.4.5", "product_id": "P-14069V-24.4.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:24.4.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 25.4.1", "product": { "name": "Oracle Graph Server and Client Version 25.4.1", "product_id": "P-14069V-25.4.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:25.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Graph Server and Client Version 26.1.0", "product": { "name": "Oracle Graph Server and Client Version 26.1.0", "product_id": "P-14069V-26.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graph_server_and_client:26.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Graph Server and Client" } ], "category": "product_family", "name": "Oracle Graph Server and Client" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Hospitality Cruise Shipboard Property Management (SPMS) Version 23.1.5-23.3.0", "product": { "name": "Oracle Hospitality Cruise Shipboard Property Management (SPMS) Version 23.1.5-23.3.0", "product_id": "P-11705V-23.1.5-23.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management:23.1.5-23.3.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hospitality Cruise Shipboard Property Management (SPMS)" } ], "category": "product_family", "name": "Oracle Hospitality Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Hyperion Infrastructure Technology Version 11.2.24.0.000", "product": { "name": "Oracle Hyperion Infrastructure Technology Version 11.2.24.0.000", "product_id": "P-4392V-11.2.24.0.000", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.24.0.000:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Hyperion Infrastructure Technology" } ], "category": "product_family", "name": "Oracle Hyperion" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "JD Edwards EnterpriseOne Tools Version 9.2.0.0-9.2.26.1", "product": { "name": "JD Edwards EnterpriseOne Tools Version 9.2.0.0-9.2.26.1", "product_id": "P-4781V-9.2.0.0-9.2.26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.0.0-9.2.26.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "JD Edwards EnterpriseOne Tools" } ], "category": "product_family", "name": "Oracle JD Edwards" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle GraalVM Enterprise Edition Version 21.3.17", "product": { "name": "Oracle GraalVM Enterprise Edition Version 21.3.17", "product_id": "P-13497V-21.3.17", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*" } } } ], "category": "product_name", "name": "Oracle GraalVM Enterprise Edition" }, { "branches": [ { "category": "product_version", "name": "Oracle GraalVM for JDK Version 17.0.18", "product": { "name": "Oracle GraalVM for JDK Version 17.0.18", "product_id": "P-13497V-17.0.18", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle GraalVM for JDK Version 21.0.10", "product": { "name": "Oracle GraalVM for JDK Version 21.0.10", "product_id": "P-13497V-21.0.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle GraalVM for JDK" }, { "branches": [ { "category": "product_version", "name": "Oracle Java SE Version 11.0.30", "product": { "name": "Oracle Java SE Version 11.0.30", "product_id": "P-856V-11.0.30", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 17.0.18", "product": { "name": "Oracle Java SE Version 17.0.18", "product_id": "P-856V-17.0.18", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 21.0.10", "product": { "name": "Oracle Java SE Version 21.0.10", "product_id": "P-856V-21.0.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 25.0.1", "product": { "name": "Oracle Java SE Version 25.0.1", "product_id": "P-856V-25.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:25.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 25.0.2", "product": { "name": "Oracle Java SE Version 25.0.2", "product_id": "P-856V-25.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 26", "product": { "name": "Oracle Java SE Version 26", "product_id": "P-856V-26", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 8u481", "product": { "name": "Oracle Java SE Version 8u481", "product_id": "P-856V-8u481", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Java SE Version 8u481-b50", "product": { "name": "Oracle Java SE Version 8u481-b50", "product_id": "P-856V-8u481-b50", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u481-b50:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Java SE Version 8u481-perf", "product": { "name": "Oracle Java SE Version 8u481-perf", "product_id": "P-856V-8u481-perf", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*" } } } ], "category": "product_name", "name": "Oracle Java SE" } ], "category": "product_family", "name": "Oracle Java SE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Life Sciences Empirica Signal Version 9.2.1-9.2.3", "product": { "name": "Oracle Life Sciences Empirica Signal Version 9.2.1-9.2.3", "product_id": "P-9646V-9.2.1-9.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:life_sciences_empirica_signal:9.2.1-9.2.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Life Sciences Empirica Signal" }, { "branches": [ { "category": "product_version", "name": "Oracle Life Sciences InForm Version 7.0.1.0", "product": { "name": "Oracle Life Sciences InForm Version 7.0.1.0", "product_id": "P-9636V-7.0.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:life_sciences_inform:7.0.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Life Sciences InForm Version 7.0.1.1", "product": { "name": "Oracle Life Sciences InForm Version 7.0.1.1", "product_id": "P-9636V-7.0.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:life_sciences_inform:7.0.1.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Life Sciences InForm" } ], "category": "product_family", "name": "Oracle Life Science Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "MySQL Cluster Version 8.0.0-8.0.44", "product": { "name": "MySQL Cluster Version 8.0.0-8.0.44", "product_id": "P-8479V-8.0.0-8.0.44", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:8.0.0-8.0.44:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Cluster Version 8.4.0-8.4.7", "product": { "name": "MySQL Cluster Version 8.4.0-8.4.7", "product_id": "P-8479V-8.4.0-8.4.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:8.4.0-8.4.7:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Cluster Version 9.0.0-9.5.0", "product": { "name": "MySQL Cluster Version 9.0.0-9.5.0", "product_id": "P-8479V-9.0.0-9.5.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_cluster:9.0.0-9.5.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Cluster" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Connectors(Connector/C++) Version 9.0.0-9.6.0", "product": { "name": "MySQL Connectors(Connector/C++) Version 9.0.0-9.6.0", "product_id": "P-8576(Connector/C++)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/c\\+\\+:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Connectors(Connector/ODBC) Version 9.0.0-9.6.0", "product": { "name": "MySQL Connectors(Connector/ODBC) Version 9.0.0-9.6.0", "product_id": "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_connector\\/odbc:9.0.0-9.6.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Connectors" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.0.0-8.0.45", "product": { "name": "MySQL Enterprise Backup Version 8.0.0-8.0.45", "product_id": "P-4629V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 8.4.0-8.4.8", "product": { "name": "MySQL Enterprise Backup Version 8.4.0-8.4.8", "product_id": "P-4629V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Enterprise Backup Version 9.0.0-9.6.0", "product": { "name": "MySQL Enterprise Backup Version 9.0.0-9.6.0", "product_id": "P-4629V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_enterprise_backup:9.0.0-9.6.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Enterprise Backup" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(InnoDB) Version 8.0.0-8.0.45", "product_id": "P-8478(InnoDB)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: DML) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: DML)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Group Replication Plugin) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: Group Replication Plugin) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Information Schema) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: Information Schema) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: JSON) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: JSON) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: JSON)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: Optimizer) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 8.0.0-8.0.45", "product": { "name": "MySQL Server(Server: Packaging) Version 8.0.0-8.0.45", "product_id": "P-8478(Server: Packaging)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(InnoDB) Version 8.4.0-8.4.8", "product_id": "P-8478(InnoDB)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: DML) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: DML)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Group Replication Plugin) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: Group Replication Plugin) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Information Schema) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: Information Schema) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: Information Schema)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: JSON) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: JSON) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: JSON)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: Optimizer) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: Optimizer)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 8.4.0-8.4.8", "product": { "name": "MySQL Server(Server: Packaging) Version 8.4.0-8.4.8", "product_id": "P-8478(Server: Packaging)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(InnoDB) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(InnoDB) Version 9.0.0-9.6.0", "product_id": "P-8478(InnoDB)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: DML) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: DML) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: DML)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: GIS) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: GIS) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: GIS)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Group Replication Plugin) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: Group Replication Plugin) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Information Schema) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: Information Schema) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: JSON) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: JSON) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: JSON)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Optimizer) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: Optimizer) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Packaging) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: Packaging) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: Packaging)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Server(Server: Partition) Version 9.0.0-9.6.0", "product": { "name": "MySQL Server(Server: Partition) Version 9.0.0-9.6.0", "product_id": "P-8478(Server: Partition)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_server:9.0.0-9.6.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Server" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Shell(Shell: Core Client) Version 8.0.0-8.0.45", "product": { "name": "MySQL Shell(Shell: Core Client) Version 8.0.0-8.0.45", "product_id": "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:8.0.0-8.0.45:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Shell(Shell: Core Client) Version 8.4.0-8.4.8", "product": { "name": "MySQL Shell(Shell: Core Client) Version 8.4.0-8.4.8", "product_id": "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:8.4.0-8.4.8:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "MySQL Shell(Shell: Core Client) Version 9.0.0-9.6.0", "product": { "name": "MySQL Shell(Shell: Core Client) Version 9.0.0-9.6.0", "product_id": "P-8478(Shell: Core Client)V-9.0.0-9.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_shell:9.0.0-9.6.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Shell" }, { "branches": [ { "category": "product_version_range", "name": "MySQL Workbench Version 8.0.0-8.0.46", "product": { "name": "MySQL Workbench Version 8.0.0-8.0.46", "product_id": "P-4627V-8.0.0-8.0.46", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:mysql_workbench:8.0.0-8.0.46:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "MySQL Workbench" } ], "category": "product_family", "name": "Oracle MySQL" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle NoSQL Database Version 1.6.5", "product": { "name": "Oracle NoSQL Database Version 1.6.5", "product_id": "P-13373V-1.6.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:nosql_database:1.6.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle NoSQL Database Version 1.7.0", "product": { "name": "Oracle NoSQL Database Version 1.7.0", "product_id": "P-13373V-1.7.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:nosql_database:1.7.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle NoSQL Database" } ], "category": "product_family", "name": "Oracle NoSQL Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product": { "name": "PeopleSoft Enterprise CC Common Application Objects Version 9.2", "product_id": "P-8911V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise CC Common Application Objects" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise CS Student Records Version 9.2", "product": { "name": "PeopleSoft Enterprise CS Student Records Version 9.2", "product_id": "P-5182V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_student_records:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise CS Student Records" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise FIN Contracts Version 9.2", "product": { "name": "PeopleSoft Enterprise FIN Contracts Version 9.2", "product_id": "P-4982V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_contracts:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise FIN Contracts" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise FIN Maintenance Management Version 9.2", "product": { "name": "PeopleSoft Enterprise FIN Maintenance Management Version 9.2", "product_id": "P-5001V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_maintenance_management:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise FIN Maintenance Management" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise FIN Project Costing Version 9.2", "product": { "name": "PeopleSoft Enterprise FIN Project Costing Version 9.2", "product_id": "P-5013V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_project_costing:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise FIN Project Costing" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Absence Management Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Absence Management Version 9.2", "product_id": "P-5041V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_absence_management:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Absence Management" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Human Resources Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Human Resources Version 9.2", "product_id": "P-5071V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_human_resources:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Human Resources" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise HCM Shared Components Version 9.2", "product": { "name": "PeopleSoft Enterprise HCM Shared Components Version 9.2", "product_id": "P-8943V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_shared_components:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise HCM Shared Components" }, { "branches": [ { "category": "product_version_range", "name": "PeopleSoft Enterprise PeopleTools Version 8.61-8.62", "product": { "name": "PeopleSoft Enterprise PeopleTools Version 8.61-8.62", "product_id": "P-5085V-8.61-8.62", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61-8.62:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise PeopleTools" }, { "branches": [ { "category": "product_version", "name": "PeopleSoft Enterprise SCM Purchasing Version 9.2", "product": { "name": "PeopleSoft Enterprise SCM Purchasing Version 9.2", "product_id": "P-5133V-9.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_purchasing:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "PeopleSoft Enterprise SCM Purchasing" } ], "category": "product_family", "name": "Oracle PeopleSoft" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle REST Data Services Version 24.2.0", "product": { "name": "Oracle REST Data Services Version 24.2.0", "product_id": "P-9456V-24.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 24.2.1", "product": { "name": "Oracle REST Data Services Version 24.2.1", "product_id": "P-9456V-24.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 24.3.0", "product": { "name": "Oracle REST Data Services Version 24.3.0", "product_id": "P-9456V-24.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 24.3.1", "product": { "name": "Oracle REST Data Services Version 24.3.1", "product_id": "P-9456V-24.3.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 24.4.0", "product": { "name": "Oracle REST Data Services Version 24.4.0", "product_id": "P-9456V-24.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:24.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.1.1", "product": { "name": "Oracle REST Data Services Version 25.1.1", "product_id": "P-9456V-25.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.1.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.2.0", "product": { "name": "Oracle REST Data Services Version 25.2.0", "product_id": "P-9456V-25.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.2.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.2.1", "product": { "name": "Oracle REST Data Services Version 25.2.1", "product_id": "P-9456V-25.2.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.2.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.2.2", "product": { "name": "Oracle REST Data Services Version 25.2.2", "product_id": "P-9456V-25.2.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.2.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.2.3", "product": { "name": "Oracle REST Data Services Version 25.2.3", "product_id": "P-9456V-25.2.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.2.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.3.0", "product": { "name": "Oracle REST Data Services Version 25.3.0", "product_id": "P-9456V-25.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.3.1", "product": { "name": "Oracle REST Data Services Version 25.3.1", "product_id": "P-9456V-25.3.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.3.1:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle REST Data Services Version 25.4.0", "product": { "name": "Oracle REST Data Services Version 25.4.0", "product_id": "P-9456V-25.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:rest_data_services:25.4.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle REST Data Services" } ], "category": "product_family", "name": "Oracle REST Data Services" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Retail Assortment Planning Version 15.0", "product": { "name": "Oracle Retail Assortment Planning Version 15.0", "product_id": "P-1788V-15.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Assortment Planning Version 16.0", "product": { "name": "Oracle Retail Assortment Planning Version 16.0", "product_id": "P-1788V-16.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Assortment Planning" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product": { "name": "Oracle Retail Bulk Data Integration Version 16.0.3", "product_id": "P-12968V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product": { "name": "Oracle Retail Bulk Data Integration Version 19.0.1", "product_id": "P-12968V-19.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Bulk Data Integration" }, { "branches": [ { "category": "product_version_range", "name": "Oracle Retail EFTLink Version 21.0.0-25.0.0", "product": { "name": "Oracle Retail EFTLink Version 21.0.0-25.0.0", "product_id": "P-11516V-21.0.0-25.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_eftlink:21.0.0-25.0.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail EFTLink" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Extract Tranform and Load Version 13.0.5", "product": { "name": "Oracle Retail Extract Tranform and Load Version 13.0.5", "product_id": "P-1803V-13.0.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_extract_tranform_and_load:13.0.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Extract Tranform and Load" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Financial Integration Version 16.0.3", "product": { "name": "Oracle Retail Financial Integration Version 16.0.3", "product_id": "P-10722V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Financial Integration Version 19.0.1", "product": { "name": "Oracle Retail Financial Integration Version 19.0.1", "product_id": "P-10722V-19.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Financial Integration" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Fiscal Management Version 14.2", "product": { "name": "Oracle Retail Fiscal Management Version 14.2", "product_id": "P-9038V-14.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Fiscal Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Integration Bus Version 16.0.3", "product": { "name": "Oracle Retail Integration Bus Version 16.0.3", "product_id": "P-1807V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Integration Bus Version 19.0.1", "product": { "name": "Oracle Retail Integration Bus Version 19.0.1", "product_id": "P-1807V-19.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Integration Bus" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Merchandise Financial Planning Version 15.0", "product": { "name": "Oracle Retail Merchandise Financial Planning Version 15.0", "product_id": "P-1814V-15.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Merchandise Financial Planning Version 16.0", "product": { "name": "Oracle Retail Merchandise Financial Planning Version 16.0", "product_id": "P-1814V-16.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:16.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Merchandise Financial Planning" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Merchandising System Version 16.0.3", "product": { "name": "Oracle Retail Merchandising System Version 16.0.3", "product_id": "P-1816V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Merchandising System Version 19.0.1", "product": { "name": "Oracle Retail Merchandising System Version 19.0.1", "product_id": "P-1816V-19.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Merchandising System" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Predictive Application Server Version 16.0.3", "product": { "name": "Oracle Retail Predictive Application Server Version 16.0.3", "product_id": "P-1823V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Predictive Application Server" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Price Management Version 16.0.3", "product": { "name": "Oracle Retail Price Management Version 16.0.3", "product_id": "P-1824V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Price Management" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Service Backbone Version 16.0.3", "product": { "name": "Oracle Retail Service Backbone Version 16.0.3", "product_id": "P-10867V-16.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Service Backbone Version 19.0.1", "product": { "name": "Oracle Retail Service Backbone Version 19.0.1", "product_id": "P-10867V-19.0.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Service Backbone" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Warehouse Management System Version 16.0", "product": { "name": "Oracle Retail Warehouse Management System Version 16.0", "product_id": "P-1847V-16.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_warehouse_management_system:16.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Warehouse Management System" }, { "branches": [ { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 21.0.5", "product": { "name": "Oracle Retail Xstore Point of Service Version 21.0.5", "product_id": "P-11513V-21.0.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Retail Xstore Point of Service Version 22.0.3", "product": { "name": "Oracle Retail Xstore Point of Service Version 22.0.3", "product_id": "P-11513V-22.0.3", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:22.0.3:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Retail Xstore Point of Service" } ], "category": "product_family", "name": "Oracle Retail Applications" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Administration Version 17.0-25.11", "product": { "name": "Siebel CRM Administration Version 17.0-25.11", "product_id": "P-9747V-17.0-25.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_administration:17.0-25.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Administration" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Cloud Applications Version 17.0-26.2", "product": { "name": "Siebel CRM Cloud Applications Version 17.0-26.2", "product_id": "P-14107V-17.0-26.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:17.0-26.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Cloud Applications" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Deployment Version 17.0-25.11", "product": { "name": "Siebel CRM Deployment Version 17.0-25.11", "product_id": "P-9019V-17.0-25.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:17.0-25.11:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Siebel CRM Deployment Version 17.0-26.2", "product": { "name": "Siebel CRM Deployment Version 17.0-26.2", "product_id": "P-9019V-17.0-26.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:17.0-26.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Deployment" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Development Version 17.0-26.2", "product": { "name": "Siebel CRM Development Version 17.0-26.2", "product_id": "P-9001V-17.0-26.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_development:17.0-26.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Development" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM End User Version 17.0-25.11", "product": { "name": "Siebel CRM End User Version 17.0-25.11", "product_id": "P-9011V-17.0-25.11", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_end_user:17.0-25.11:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM End User" }, { "branches": [ { "category": "product_version_range", "name": "Siebel CRM Integration Version 17.0-26.1", "product": { "name": "Siebel CRM Integration Version 17.0-26.1", "product_id": "P-9008V-17.0-26.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_integration:17.0-26.1:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Siebel CRM Integration Version 17.0-26.2", "product": { "name": "Siebel CRM Integration Version 17.0-26.2", "product_id": "P-9008V-17.0-26.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:siebel_crm_integration:17.0-26.2:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Siebel CRM Integration" } ], "category": "product_family", "name": "Oracle Siebel CRM" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Agile Product Lifecycle Management for Process Version 6.2.4", "product": { "name": "Oracle Agile Product Lifecycle Management for Process Version 6.2.4", "product_id": "P-4445V-6.2.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Agile Product Lifecycle Management for Process" }, { "branches": [ { "category": "product_version", "name": "Oracle AutoVue Version 21.1.0", "product": { "name": "Oracle AutoVue Version 21.1.0", "product_id": "P-4449V-21.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autovue:21.1.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle AutoVue Version 21.1.0", "product": { "name": "Oracle AutoVue Version 21.1.0", "product_id": "P-4450V-21.1.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:autovue:21.1.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle AutoVue" }, { "branches": [ { "category": "product_version", "name": "Oracle Product Lifecycle Analytics Version 3.6.1", "product": { "name": "Oracle Product Lifecycle Analytics Version 3.6.1", "product_id": "P-9387V-3.6.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Product Lifecycle Analytics" } ], "category": "product_family", "name": "Oracle Supply Chain" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Solaris Version 11.4", "product": { "name": "Oracle Solaris Version 11.4", "product_id": "P-10006V-11.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:solaris:11.4:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Solaris" }, { "branches": [ { "category": "product_version", "name": "Sun ZFS Storage Appliance Kit Version 8.8", "product": { "name": "Sun ZFS Storage Appliance Kit Version 8.8", "product_id": "P-10026V-8.8", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Sun ZFS Storage Appliance Kit" } ], "category": "product_family", "name": "Oracle Systems" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle TimesTen In-Memory Database Version 18.1.4", "product": { "name": "Oracle TimesTen In-Memory Database Version 18.1.4", "product_id": "P-1870V-18.1.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:18.1.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle TimesTen In-Memory Database Version 22.1.1", "product": { "name": "Oracle TimesTen In-Memory Database Version 22.1.1", "product_id": "P-1870V-22.1.1", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:timesten_in-memory_database:22.1.1:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle TimesTen In-Memory Database" } ], "category": "product_family", "name": "Oracle TimesTen In-Memory Database" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle Utilities Application Framework Version 25.10", "product": { "name": "Oracle Utilities Application Framework Version 25.10", "product_id": "P-2245V-25.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:25.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 25.4", "product": { "name": "Oracle Utilities Application Framework Version 25.4", "product_id": "P-2245V-25.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:25.4:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Application Framework Version 26.4", "product": { "name": "Oracle Utilities Application Framework Version 26.4", "product_id": "P-2245V-26.4", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:26.4:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.3.0.5.0-4.3.0.6.0", "product": { "name": "Oracle Utilities Application Framework Version 4.3.0.5.0-4.3.0.6.0", "product_id": "P-2245V-4.3.0.5.0-4.3.0.6.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.3.0.5.0-4.3.0.6.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0-4.4.0.3.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0-4.4.0.3.0", "product_id": "P-2245V-4.4.0.0.0-4.4.0.3.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.4.0.0.0-4.4.0.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.4.0.0.0-4.4.0.4.0", "product": { "name": "Oracle Utilities Application Framework Version 4.4.0.0.0-4.4.0.4.0", "product_id": "P-2245V-4.4.0.0.0-4.4.0.4.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.4.0.0.0-4.4.0.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "Oracle Utilities Application Framework Version 4.5.0.0.0-4.5.0.2.0", "product": { "name": "Oracle Utilities Application Framework Version 4.5.0.0.0-4.5.0.2.0", "product_id": "P-2245V-4.5.0.0.0-4.5.0.2.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_application_framework:4.5.0.0.0-4.5.0.2.0:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Utilities Application Framework" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Live Energy Connect Version 25.12.0.0.0", "product": { "name": "Oracle Utilities Live Energy Connect Version 25.12.0.0.0", "product_id": "P-14257V-25.12.0.0.0", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_live_energy_connect:25.12.0.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Live Energy Connect Version 7.1.0.0.45", "product": { "name": "Oracle Utilities Live Energy Connect Version 7.1.0.0.45", "product_id": "P-14257V-7.1.0.0.45", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_live_energy_connect:7.1.0.0.45:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Utilities Live Energy Connect" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.4.0.1.31", "product": { "name": "Oracle Utilities Network Management System Version 2.4.0.1.31", "product_id": "P-2241V-2.4.0.1.31", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.4.0.1.31:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.1.16", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.1.16", "product_id": "P-2241V-2.5.0.1.16", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.5.0.1.16:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.5.0.2.10", "product": { "name": "Oracle Utilities Network Management System Version 2.5.0.2.10", "product_id": "P-2241V-2.5.0.2.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.5.0.2.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.1.10", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.1.10", "product_id": "P-2241V-2.6.0.1.10", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.6.0.1.10:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.2.5", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.2.5", "product_id": "P-2241V-2.6.0.2.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.6.0.2.5:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Network Management System Version 2.6.0.2.6", "product": { "name": "Oracle Utilities Network Management System Version 2.6.0.2.6", "product_id": "P-2241V-2.6.0.2.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_network_management_system:2.6.0.2.6:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Utilities Network Management System" }, { "branches": [ { "category": "product_version", "name": "Oracle Utilities Testing Accelerator Version 25.4.0.0.2", "product": { "name": "Oracle Utilities Testing Accelerator Version 25.4.0.0.2", "product_id": "P-13784V-25.4.0.0.2", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_testing_accelerator:25.4.0.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Testing Accelerator Version 7.0.0.0.7", "product": { "name": "Oracle Utilities Testing Accelerator Version 7.0.0.0.7", "product_id": "P-13784V-7.0.0.0.7", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_testing_accelerator:7.0.0.0.7:*:*:*:*:*:*:*" } } }, { "category": "product_version", "name": "Oracle Utilities Testing Accelerator Version 7.0.0.1.5", "product": { "name": "Oracle Utilities Testing Accelerator Version 7.0.0.1.5", "product_id": "P-13784V-7.0.0.1.5", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:utilities_testing_accelerator:7.0.0.1.5:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Utilities Testing Accelerator" } ], "category": "product_family", "name": "Oracle Utilities Applications" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "Oracle VM VirtualBox Version 7.2.6", "product": { "name": "Oracle VM VirtualBox Version 7.2.6", "product_id": "P-8370V-7.2.6", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:vm_virtualbox:7.2.6:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle VM VirtualBox" } ], "category": "product_family", "name": "Oracle Virtualization" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-17521", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "32300333" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: Security (Apache Groovy)). Supported versions that are affected are 4.3.0.5.0-4.3.0.6.0 and 4.4.0.0.0-4.4.0.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Utilities Application Framework executes to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Utilities Application Framework accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-2245V-4.4.0.0.0-4.4.0.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-2245V-4.4.0.0.0-4.4.0.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-2245V-4.4.0.0.0-4.4.0.3.0" ] } ] }, { "cve": "CVE-2021-0341", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39071709" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install (OkHttp)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14277V-25.1.200" ] } ] }, { "cve": "CVE-2021-22573", "ids": [ { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38763697" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Google OAuth Client)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 7.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-4647V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2021-28168", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38773362" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38900357" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Eclipse Jersey)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Eclipse Jersey)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "cve": "CVE-2021-45046", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Activity Monitoring", "text": "38995868" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Activity Monitoring product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Activity Monitoring. While the vulnerability is in Oracle Business Activity Monitoring, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Activity Monitoring. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1675V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1675V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1675V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-23302", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38759197" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure (Apache Log4j)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-25.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-23305", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38759197" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure (Apache Log4j)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-25.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-23307", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38759197" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure (Apache Log4j)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-25.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-40149", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-40150", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-45047", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581902" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2022-45685", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-45688", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Administration", "text": "38689120" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Administration product of Oracle Siebel CRM (component: Data Archival (Quartz)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Administration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Administration. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9747V-17.0-25.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9747V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9747V-17.0-25.11" ] } ] }, { "cve": "CVE-2022-45693", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2022-46337", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38962881" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Pulsar)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2023-1436", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9008V-17.0-26.2" ] } ] }, { "cve": "CVE-2023-20862", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35677932" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Security)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ] }, { "cve": "CVE-2023-20863", "ids": [ { "system_name": "Oracle Bug ID of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity", "text": "36286008" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Financial Services Applications (component: Logger (Spring Framework)). The supported version that is affected is 1.0.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13339V-1.0.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13339V-1.0.2.1" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13339V-1.0.2.1" ] } ] }, { "cve": "CVE-2023-26464", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38759197" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Server Infrastructure (Apache Log4j)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-25.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9019V-17.0-25.11" ] } ] }, { "cve": "CVE-2023-2976", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "38995872" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Oracle MFT Installer (Google Guava)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Managed File Transfer executes to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data as well as unauthorized access to critical data or complete access to all Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-10198V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2023-34034", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35677932" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Security)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2023-34035", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "35677932" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Onboarding Batch Processes (Spring Security)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ] }, { "cve": "CVE-2023-34453", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38005649" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Snappy)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-24.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14122V-24.2.1" ] } ] }, { "cve": "CVE-2023-35116", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38617865" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (jackson-databind)). The supported version that is affected is 8.2.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2023-3894", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2023-44981", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "35966004" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "35966010" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "35966011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Corporate Lending Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Supply Chain Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Common (Apache ZooKeeper)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance Process Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13788V-15.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2023-46750", "ids": [ { "system_name": "Oracle Bug ID of Oracle Adapter for Eclipse RDF4J", "text": "36190248" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Adapter for Eclipse RDF4J (component: Jena adapter (Apache Shiro)). The supported version that is affected is 24.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Adapter for Eclipse RDF4J. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Adapter for Eclipse RDF4J, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Adapter for Eclipse RDF4J accessible data as well as unauthorized read access to a subset of Oracle Adapter for Eclipse RDF4J accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14286V-24.1.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14286V-24.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14286V-24.1.0" ] } ] }, { "cve": "CVE-2023-48795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "37581902" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: Runtime Server (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10198V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10198V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ] }, { "cve": "CVE-2023-51775", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38963217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Event Publish and Subscribe (jose4j)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2023-52428", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38696520" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Nimbus JOSE+JWT)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2023-5388", "ids": [ { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "37454481" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security (NSS)). Supported versions that are affected are 9.2.0.0-9.2.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU137" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.26.1" ] } ] }, { "cve": "CVE-2024-12718", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2024-13009", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "38073449" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS 3.1 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1980V-12.2.1.4.0", "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1980V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-23944", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ] }, { "cve": "CVE-2024-24789", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2024-24790", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2024-28752", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-29371", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38963217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Event Publish and Subscribe (jose4j)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9008V-17.0-26.2" ] } ] }, { "cve": "CVE-2024-29736", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-29857", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "39006777" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38978772" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Netty)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-30172", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38978772" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Netty)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-31573", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "38810913" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer (xmlunit)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SOA Suite executes to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle SOA Suite accessible data as well as unauthorized read access to a subset of Oracle SOA Suite accessible data. CVSS 3.1 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 4.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1162V-14.1.2.0.0", "P-1162V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2024-32007", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-34447", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38978772" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Netty)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-36124", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38817491" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Open Integration (Snappy)). Supported versions that are affected are 17.0-26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM Integration. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9008V-17.0-26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-9008V-17.0-26.1" ] } ] }, { "cve": "CVE-2024-37059", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-38820", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38478526" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Spring Framework)). The supported version that is affected is 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ] }, { "cve": "CVE-2024-3884", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39109212" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39109210" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "39109215" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Undertow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Undertow)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Policy, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Undertow)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-14118(Signaling)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14118(Signaling)V-25.1.204" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ] }, { "cve": "CVE-2024-4027", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39109212" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39109210" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "39109215" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Undertow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Undertow)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Policy, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Undertow)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-14118(Signaling)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14118(Signaling)V-25.1.204" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ] }, { "cve": "CVE-2024-41172", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-43394", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38542218" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. Note: This vulnerability applies to Windows only. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2024-45339", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38921182" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Golang Go)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14597V-7.0.0" ] } ] }, { "cve": "CVE-2024-47535", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ] }, { "cve": "CVE-2024-51504", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "37704606" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core (Apache ZooKeeper)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-13788V-15.0" ] } ] }, { "cve": "CVE-2024-52046", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38962881" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Pulsar)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2024-5535", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "37200686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (OpenSSL)). The supported version that is affected is 25.1.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Slice Selection Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-14130V-25.1.100" ] } ] }, { "cve": "CVE-2024-56406", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "37889101" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "37889056" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "37889100" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Endeca Application Controller (Perl)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search as well as unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data and unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (Perl)). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen (Perl)). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370(Enterprise Manager Install)V-24.1", "P-1370(Agent Next Gen)V-24.1", "P-1370(Enterprise Manager Install)V-13.5", "P-9633(Endeca Application Controller)V-11.4.0", "P-1370(Agent Next Gen)V-13.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633(Endeca Application Controller)V-11.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU135" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370(Enterprise Manager Install)V-13.5", "P-1370(Agent Next Gen)V-13.5", "P-1370(Enterprise Manager Install)V-24.1", "P-1370(Agent Next Gen)V-24.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "P-1370(Enterprise Manager Install)V-13.5", "P-1370(Agent Next Gen)V-13.5", "P-1370(Enterprise Manager Install)V-24.1", "P-1370(Agent Next Gen)V-24.1", "P-9633(Endeca Application Controller)V-11.4.0" ] } ] }, { "cve": "CVE-2024-6387", "ids": [ { "system_name": "Oracle Bug ID of Sun ZFS Storage Appliance Kit", "text": "37894515" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Sun ZFS Storage Appliance Kit product of Oracle Systems (component: Firmware subsystem (OpenSSH)). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Sun ZFS Storage Appliance Kit. While the vulnerability is in Sun ZFS Storage Appliance Kit, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10026V-8.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10026V-8.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU134" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10026V-8.8" ] } ] }, { "cve": "CVE-2024-6763", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ] }, { "cve": "CVE-2024-7254", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38894378" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Third Party (Google Protobuf-Java)). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5760V-23.4-23.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-23.4-23.10" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5760V-23.4-23.10" ] } ] }, { "cve": "CVE-2024-8184", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38003414" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-24.2.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14122V-24.2.1" ] } ] }, { "cve": "CVE-2024-9287", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-0453", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-0725", "ids": [ { "system_name": "Oracle Bug ID of Oracle Access Manager", "text": "38764395" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Web Server Plugin (curl)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Access Manager. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5565V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5565V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5565V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2025-10148", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38448050" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38448055" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (curl)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (curl)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-4392V-11.2.24.0.000" ], "known_not_affected": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2025-11143", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "39070733" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Eclipse Jetty)). Supported versions that are affected are 21.3-21.21 and 23.4-23.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate Big Data and Application Adapters accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-11187", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38934549" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Autonomous Health Framework (component: Trace File Analyzer (OpenSSL)). Supported versions that are affected are 25.11-26.1. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Autonomous Health Framework. Successful attacks of this vulnerability can result in takeover of Oracle Autonomous Health Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-14634V-25.11-26.1", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.11-26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2025-11200", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-11201", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-12183", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "38777516" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (lz4-java)). The supported version that is affected is 14.8.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13304V-14.8.0.0.0" ], "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-13304V-14.8.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-12383", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "39059320" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39071791" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (Eclipse Jersey)). The supported version that is affected is 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle SOA Suite accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (Eclipse Jersey)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200", "P-1162V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14277V-25.1.200", "P-1162V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2025-12543", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39109212" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39109210" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "39109215" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Undertow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Undertow)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Policy, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Undertow)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-14118(Signaling)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14118(Signaling)V-25.1.204" ] }, { "cvss_v3": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14118(Signaling)V-25.1.204" ] } ] }, { "cve": "CVE-2025-13034", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-13151", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38850305" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38850308" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38850312" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Libtasn1)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Libtasn1)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Libtasn1)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14119V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14119V-25.1.200" ] } ] }, { "cve": "CVE-2025-13601", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38904076" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (glib)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Cloud Applications accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 7.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-14107V-17.0-26.2" ] } ] }, { "cve": "CVE-2025-14017", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-14104", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "39142637" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "39058002" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (util-linux)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Console executes to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console and unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (util-linux)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Certificate Management executes to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management and unauthorized read access to a subset of Oracle Communications Cloud Native Core Certificate Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU112" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU140" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ] } ] }, { "cve": "CVE-2025-14279", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-14524", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-14819", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-15079", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-15224", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38858212" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38858230" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38858221" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38858204" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38858206" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38858217" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Enterprise Backup executes to compromise MySQL Enterprise Backup. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Backup accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Backup accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data as well as unauthorized access to critical data or complete access to all MySQL Server accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (curl)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Unified Data Repository executes to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle HTTP Server product of Oracle Fusion Middleware (component: ModSecurity (curl)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (libcurl)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-14119V-25.1.200", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-4379V-21.8.1.0.0", "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1042(ModSecurity)V-14.1.2.0.0", "P-1042(ModSecurity)V-12.2.1.4.0", "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-15284", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38907467" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (qs)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-15467", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-10758V-4.2.0", "P-10758V-5.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38934549" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "39144847" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "39142728" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38988847" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Communications Broker", "text": "39070600" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Autonomous Health Framework (component: Trace File Analyzer (OpenSSL)). Supported versions that are affected are 25.11-26.1. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Autonomous Health Framework. Successful attacks of this vulnerability can result in takeover of Oracle Autonomous Health Framework. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the RDBMS (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 23.4.0-23.26.1. Easily exploitable vulnerability allows high privileged attacker having None privilege with network access via multiple protocols to compromise RDBMS (OpenSSL). Successful attacks of this vulnerability can result in takeover of RDBMS (OpenSSL).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (OpenSSL)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (OpenSSL)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-14634V-25.11-26.1", "P-5(RDBMS)V-19.3-19.30", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5(RDBMS)V-23.4.0-23.26.1", "P-2025V-8.2.0.0.0", "P-14250V-25.1.201", "P-4629V-9.0.0-9.6.0", "P-4627V-8.0.0-8.0.46", "P-14868V-25.1.201", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-5085V-8.61-8.62", "P-8478(Server: Packaging)V-8.4.0-8.4.8" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-10758V-4.2.0", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-10758V-5.0.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.11-26.1", "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1", "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10758V-4.2.0", "P-10758V-5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU88" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU140" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU112" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14868V-25.1.201", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-14250V-25.1.201" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-10758V-4.2.0", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-10758V-5.0.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ] }, { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14634V-25.11-26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-10758V-4.2.0", "P-10758V-5.0.0" ] } ] }, { "cve": "CVE-2025-15468", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2025-15469", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2025-1948", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38017326" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14325V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2025-22233", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38696033" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38478526" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Spring Framework)). The supported version that is affected is 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ] }, { "cve": "CVE-2025-22869", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38883829" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Golang Crypto)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via SSH to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-23184", "ids": [ { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "38723438" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: P6 Web Services (Apache CXF)). Supported versions that are affected are 24.12.0.0-24.12.13.0 and 25.12.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5579V-25.12.0.0", "P-14597V-6.1.1-7.0.0", "P-5579V-24.12.0.0-24.12.13.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-25.12.0.0", "P-5579V-24.12.0.0-24.12.13.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU121" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-24970", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38591392" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Netty)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0", "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2025-25193", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ] }, { "cve": "CVE-2025-26333", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Testing Suite", "text": "38540109" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "38540139" }, { "system_name": "Oracle Bug ID of Oracle Communications Network Integrity", "text": "38540140" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (BSAFE Crypto-J)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications (component: Security Component (BSAFE Crypto-J)). Supported versions that are affected are 7.5.0-7.5.1, 7.6.0-7.8.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Network Integrity product of Oracle Communications (component: Other (BSAFE Crypto-J)). Supported versions that are affected are 7.3.6, 7.4.0, 7.5.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Integrity. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Network Integrity accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4622V-13.3.0.1", "P-4491V-7.4.0", "P-4516V-7.6.0-7.8.0", "P-4491V-7.5.0", "P-4516V-8.0.0", "P-4491V-7.3.6", "P-4491V-8.0.0", "P-4516V-7.5.0-7.5.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4622V-13.3.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.6.0-7.8.0", "P-4516V-8.0.0", "P-4516V-7.5.0-7.5.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU67" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4491V-7.4.0", "P-4491V-7.5.0", "P-4491V-7.3.6", "P-4491V-8.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU66" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4622V-13.3.0.1", "P-4491V-7.4.0", "P-4516V-7.6.0-7.8.0", "P-4491V-7.5.0", "P-4516V-8.0.0", "P-4491V-7.3.6", "P-4491V-8.0.0", "P-4516V-7.5.0-7.5.1" ] } ] }, { "cve": "CVE-2025-26791", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "37932463" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "38844272" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (DOMPurify)). Supported versions that are affected are 25.1.200 and 25.2.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Network Function Cloud Native Environment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: P6WS (DOMPurify)). Supported versions that are affected are 21.12.0.0-21.12.21.6, 22.12.0.0-22.12.21.1, 23.12.0.0-23.12.18.0, 24.12.0.0-24.12.13.0 and 25.12.0.0-25.12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-25.1.200", "P-5579V-23.12.0.0-23.12.18.0", "P-14125V-25.2.200", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5579V-24.12.0.0-24.12.13.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-23.12.0.0-23.12.18.0", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5579V-24.12.0.0-24.12.13.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU121" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5579V-23.12.0.0-23.12.18.0", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5579V-24.12.0.0-24.12.13.0" ] } ] }, { "cve": "CVE-2025-27209", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-27210", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-27636", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38241127" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Apache Camel)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data as well as unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 4.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2025-27817", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38128812" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "38128814" }, { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38855547" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "38128816" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38128815" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38128807" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "38128808" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Credit Facilities Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Apache Kafka)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Core (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Event Publish and Subscribe (Apache Kafka)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM Integration accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-9008V-17.0-26.2", "P-13718V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-9008V-17.0-26.2", "P-13718V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2025-27818", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38128812" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "38128814" }, { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38855547" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "38128816" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38128815" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38128807" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "38128808" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Credit Facilities Process Management accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Apache Kafka)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance Process Management accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Core (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Kafka)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Supply Chain Finance accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: Event Publish and Subscribe (Apache Kafka)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM Integration accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-9008V-17.0-26.2", "P-13718V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-27820", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38853465" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Regulatory Reporting", "text": "39201136" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache HttpClient)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Regulatory Reporting product of Oracle Financial Services Applications (component: Installer (Apache HttpClient)). Supported versions that are affected are 8.1.2.10 and 8.1.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Regulatory Reporting accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7", "P-9142V-8.1.2.10", "P-9142V-8.1.2.11" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9142V-8.1.2.10", "P-9142V-8.1.2.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU91" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-9142V-8.1.2.10", "P-9142V-8.1.2.11", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "cve": "CVE-2025-27821", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "39022619" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39022616" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Hadoop)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Hadoop)). The supported version that is affected is 8.1.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Model Management and Governance. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14276V-8.1.2.7", "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU70" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] }, { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-14276V-8.1.2.7" ] } ] }, { "cve": "CVE-2025-29482", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38577962" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher (libheif)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ] }, { "cve": "CVE-2025-30065", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38962881" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Pulsar)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-31672", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Development Framework (ADF)", "text": "37824494" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38448113" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces (Apache POI)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Apache POI)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-14.1.2.0.0", "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-807V-14.1.2.0.0", "P-13788V-15.0" ] } ] }, { "cve": "CVE-2025-31948", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38642622" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Data Mining (Intel oneAPI Toolkit OpenMP) component of Oracle Database Server. Supported versions that are affected are 19.3-19.30, 21.3-21.21 and 23.4.0-23.26.1. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with logon to the infrastructure where Data Mining (Intel oneAPI Toolkit OpenMP) executes to compromise Data Mining (Intel oneAPI Toolkit OpenMP). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Mining (Intel oneAPI Toolkit OpenMP). CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Data Mining)V-19.3-19.30", "P-5(Data Mining)V-23.4.0-23.26.1", "P-5(Data Mining)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Data Mining)V-21.3-21.21", "P-5(Data Mining)V-19.3-19.30", "P-5(Data Mining)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(Data Mining)V-21.3-21.21", "P-5(Data Mining)V-19.3-19.30", "P-5(Data Mining)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2025-32988", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38206350" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38206352" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (GnuTLS)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (GnuTLS)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-32989", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38206350" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38206352" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (GnuTLS)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (GnuTLS)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-32990", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38206350" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38206352" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (GnuTLS)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (GnuTLS)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200" ] } ] }, { "cve": "CVE-2025-33042", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38993744" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "38986650" }, { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "38993759" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38999265" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38973324" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "38993761" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38993751" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Avro)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Composer (Apache Avro)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Avro)). The supported version that is affected is 6.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Third Party (Apache Avro)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.21, 21.3-21.21 and 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GoldenGate Big Data and Application Adapters executes to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate Big Data and Application Adapters accessible data as well as unauthorized read access to a subset of Oracle GoldenGate Big Data and Application Adapters accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters (Apache Avro)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle SOA Suite accessible data as well as unauthorized read access to a subset of Oracle SOA Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle SOA Suite. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Third Party (Apache Avro)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Avro)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-2025V-7.6.0.0.0", "P-4647V-12.2.1.4.0", "P-2025V-8.2.0.0.0", "P-5325V-12.2.1.4.0", "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-14597V-6.1.1", "P-5760V-23.4-23.10", "P-1162V-14.1.2.0.0", "P-5760V-21.3-21.21" ], "known_not_affected": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0", "P-5325V-12.2.1.4.0", "P-1162V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5325V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-2025V-7.6.0.0.0", "P-4647V-12.2.1.4.0", "P-2025V-8.2.0.0.0", "P-5325V-12.2.1.4.0", "P-14597V-6.1.1", "P-1162V-14.1.2.0.0" ] }, { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ] } ] }, { "cve": "CVE-2025-35036", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "38482055" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "36524818" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Validator)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Validator)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-4647V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2025-41242", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38696033" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38478526" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Spring Framework)). The supported version that is affected is 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13788V-15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13788V-15.0" ] } ] }, { "cve": "CVE-2025-41248", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14123V-25.1.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38517105" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38517108" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "38517089" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38517111" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Security)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Spring Security)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Security)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Spring Security)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-14123V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14324V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14123V-25.1.200" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14123V-25.1.200" ] } ] }, { "cve": "CVE-2025-41249", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38517466" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38517488" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "38517497" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending", "text": "38517465" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38517451" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "38517462" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38517484" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "38517474" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38517471" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38517493" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "38517461" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Forms Recognition", "text": "38517547" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager for Fusion Middleware", "text": "38517447" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38696033" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: Infrastructure Management (Spring Framework)). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (Spring Framework)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Accessibility (Spring Framework)). The supported version that is affected is 14.8.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Spring Framework)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Core (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Install (Spring Framework)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Framework)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Spring Framework)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Financial Services Applications (component: Documaker Core (Spring Framework)). Supported versions that are affected are 12.7.2-13.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Documaker accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Forms Recognition product of Oracle Fusion Middleware (component: Learnset Manager (Spring Framework)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Forms Recognition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Forms Recognition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Spring Framework)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7.2-13.0.2", "P-14122V-24.2.1", "P-12989V-14.5.0.0.0-14.8.0.0.0", "P-14123V-25.1.200", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-1369(Infrastructure Management)V-24.1", "P-5746V-14.1.1.0.0", "P-14597V-6.1.1-7.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-1369(Infrastructure Management)V-13.5", "P-14134V-14.5.0.0.0-14.8.0.0.0" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1369(Infrastructure Management)V-24.1", "P-1369(Infrastructure Management)V-13.5" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7.2-13.0.2", "P-12989V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-14134V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5746V-14.1.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14122V-24.2.1", "P-12989V-14.5.0.0.0-14.8.0.0.0", "P-14123V-25.1.200", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-1369(Infrastructure Management)V-24.1", "P-5746V-14.1.1.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-1369(Infrastructure Management)V-13.5", "P-14134V-14.5.0.0.0-14.8.0.0.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5477V-12.7.2-13.0.2" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-41253", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38568262" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38568260" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38568261" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Install (Spring Cloud Gateway)). The supported version that is affected is 24.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Exposure Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install (Spring Cloud Gateway)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Spring Cloud Gateway)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Slice Selection Function accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.4", "P-14118(Install)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.4", "P-14118(Install)V-25.1.204" ] } ] }, { "cve": "CVE-2025-41254", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38764875" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38617042" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Spring Web Services)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Spring Framework)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-4647V-12.2.1.4.0", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7", "P-4647V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-4647V-14.1.2.0.0", "P-4647V-12.2.1.4.0", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "cve": "CVE-2025-4138", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-4330", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-43368", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-43457", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2025-43966", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38577962" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher (libheif)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ] }, { "cve": "CVE-2025-43967", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38577962" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher (libheif)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62" ] } ] }, { "cve": "CVE-2025-4435", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-4517", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-46392", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38512826" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "39070296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Apache Commons Configuration)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Lang)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2025-46762", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38873105" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Parquet Java)). The supported version that is affected is 8.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2025-47219", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-47436", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38962881" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Pulsar)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-47910", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-47912", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-47914", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38883829" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Golang Crypto)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via SSH to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-48734", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14286V-3.12.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity", "text": "38012348" }, { "system_name": "Oracle Bug ID of Oracle iProcurement", "text": "38648183" }, { "system_name": "Oracle Bug ID of Oracle Yard Management", "text": "38648270" }, { "system_name": "Oracle Bug ID of Oracle Advanced Supply Chain Planning", "text": "38648215" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38012208" }, { "system_name": "Oracle Bug ID of Oracle Flow Manufacturing", "text": "38735640" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38012217" }, { "system_name": "Oracle Bug ID of Oracle Adapter for Eclipse RDF4J", "text": "38012316" }, { "system_name": "Oracle Bug ID of Oracle Rapid Planning", "text": "38689726" }, { "system_name": "Oracle Bug ID of Oracle Global Order Promising", "text": "38691834" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "37815196" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "38012233" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Apache Commons BeanUtils)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Apache Commons BeanUtils)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Apache Commons BeanUtils)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in takeover of Oracle Banking Origination. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Experience Manager (Apache Commons BeanUtils)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Adapter for Eclipse RDF4J (component: Adapter for Eclipse RDF (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Financial Services Applications (component: Logger (Apache Commons BeanUtils)). The supported version that is affected is 1.0.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: iProcurement ECC shopping (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks of this vulnerability can result in takeover of Oracle iProcurement. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle E-Business Suite (component: User Interface (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Supply Chain Planning. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Yard Management product of Oracle E-Business Suite (component: Installation (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.4-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Yard Management. Successful attacks of this vulnerability can result in takeover of Oracle Yard Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Rapid Planning product of Oracle E-Business Suite (component: User Interface (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Rapid Planning. Successful attacks of this vulnerability can result in takeover of Oracle Rapid Planning. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Global Order Promising product of Oracle E-Business Suite (component: Web Service (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Global Order Promising. Successful attacks of this vulnerability can result in takeover of Oracle Global Order Promising. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Flow Manufacturing. Successful attacks of this vulnerability can result in takeover of Oracle Flow Manufacturing. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10485V-12.2.4-12.2.15", "P-398V-12.2.3-12.2.15", "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-729V-12.2.3-12.2.15", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-5235V-12.2.3-12.2.15", "P-300V-12.2.3-12.2.15", "P-13339V-1.0.2.1", "P-9633(Experience Manager)V-11.4.0", "P-719V-12.2.3-12.2.15" ], "known_not_affected": [ "P-14286V-3.12.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13339V-1.0.2.1", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633(Experience Manager)V-11.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU135" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14286V-3.12.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10485V-12.2.4-12.2.15", "P-300V-12.2.3-12.2.15", "P-398V-12.2.3-12.2.15", "P-729V-12.2.3-12.2.15", "P-719V-12.2.3-12.2.15", "P-5235V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10485V-12.2.4-12.2.15", "P-300V-12.2.3-12.2.15", "P-398V-12.2.3-12.2.15", "P-13339V-1.0.2.1", "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-9633(Experience Manager)V-11.4.0", "P-729V-12.2.3-12.2.15", "P-719V-12.2.3-12.2.15", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-5235V-12.2.3-12.2.15" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14286V-3.12.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14286V-3.12.0" ] } ] }, { "cve": "CVE-2025-4877", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-4878", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-48795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38237597" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "38723438" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Security (Apache CXF)). The supported version that is affected is 25.1.200. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: P6 Web Services (Apache CXF)). Supported versions that are affected are 24.12.0.0-24.12.13.0 and 25.12.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5579V-25.12.0.0", "P-14119V-25.1.200", "P-5579V-24.12.0.0-24.12.13.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-25.12.0.0", "P-5579V-24.12.0.0-24.12.13.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU121" } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5579V-25.12.0.0", "P-14119V-25.1.200", "P-5579V-24.12.0.0-24.12.13.0" ] } ] }, { "cve": "CVE-2025-48913", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39092595" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache CXF)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-48924", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-2241V-2.5.0.1.16", "P-2241V-2.4.0.1.31", "P-13373V-1.7.0", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-14286V-21.1.8", "P-13444V-24.1.3", "P-2241V-2.6.0.2.5", "P-13373V-1.6.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38420944" }, { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38845100" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "38420902" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Lending and Leasing", "text": "38420973" }, { "system_name": "Oracle Bug ID of Oracle Documaker", "text": "38421227" }, { "system_name": "Oracle Bug ID of Oracle Web Services Manager", "text": "38223398" }, { "system_name": "Oracle Bug ID of Oracle NoSQL Database", "text": "38421167" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38421025" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "39070296" }, { "system_name": "Oracle Bug ID of Oracle BI Publisher", "text": "38346293" }, { "system_name": "Oracle Bug ID of Oracle Adapter for Eclipse RDF4J", "text": "38421126" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38185760" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "38421086" }, { "system_name": "Oracle Bug ID of Oracle Retail Warehouse Management System", "text": "38421021" }, { "system_name": "Oracle Bug ID of Oracle Application Development Framework (ADF)", "text": "38421242" }, { "system_name": "Oracle Bug ID of Oracle Retail Assortment Planning", "text": "38420990" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "38421100" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "38989865" }, { "system_name": "Oracle Bug ID of Oracle Business Activity Monitoring", "text": "38995868" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38512810" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38842913" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38916592" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance", "text": "38420939" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Apache Commons Lang) component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where RDBMS (Apache Commons Lang) executes to compromise RDBMS (Apache Commons Lang). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Apache Commons Lang). CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Third Party (Apache Commons Lang)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Services Manager. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: BI Publisher Microservice (Apache Commons Lang)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security (Apache Commons Lang)). Supported versions that are affected are 9.2.0.0-9.2.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Core (Apache Commons Lang)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Common Core (Apache Commons Lang)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Lending and Leasing product of Oracle Financial Services Applications (component: Apache Commons (Apache Commons Lang)). Supported versions that are affected are 14.8.0.0.0 and 14.10.0.0.0-14.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Lending and Leasing. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Lending and Leasing. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (Apache Commons Lang)). Supported versions that are affected are 15.0 and 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Retail Assortment Planning. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Assortment Planning. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Warehouse Management System product of Oracle Retail Applications (component: Security (Apache Commons Lang)). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Warehouse Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Retail Warehouse Management System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: SW- System Wide (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Commons Lang)). Supported versions that are affected are 7.0.0.0.7, 7.0.0.1.5 and 25.4.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Utilities Testing Accelerator. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Adapter for Eclipse RDF4J (component: Adapter for Eclipse RDF (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Commons Lang)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Documaker product of Oracle Financial Services Applications (component: Documaker Core (Apache Commons Lang)). Supported versions that are affected are 12.7.2-13.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Documaker. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces (Apache Commons Lang)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Apache Commons Lang)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons Lang)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Apache Commons Lang)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM Deployment. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Third Party (Apache Commons Lang)). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Composer (Apache Commons Lang)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Activity Monitoring product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Activity Monitoring. While the vulnerability is in Oracle Business Activity Monitoring, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Activity Monitoring.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Commons Lang)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5477V-12.7.2-13.0.2", "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "P-5325V-14.1.2.0.0", "P-1479V-7.6.0.0.0", "P-1847V-16.0", "P-5(RDBMS)V-23.4.0-23.26.1", "P-13487(Common Core)V-14.5.0.0.0-14.8.0.0.0", "P-1675V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-4781V-9.2.0.0-9.2.26.1", "P-1775V-14.1.2.0.0", "P-807V-14.1.2.0.0", "P-9019V-17.0-26.2", "P-1775V-12.2.1.4.0", "P-1788V-15.0", "P-10484V-14.8.0.0.0", "P-1788V-16.0", "P-5760V-23.4-23.10", "P-10484V-14.10.0.0.0-14.12.0.0.0", "P-13784V-25.4.0.0.2", "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-1479V-8.2.0.0.0", "P-13784V-7.0.0.1.5", "P-14134V-14.5.0.0.0-14.8.0.0.0", "P-13784V-7.0.0.0.7" ], "known_not_affected": [ "P-2241V-2.5.0.1.16", "P-2241V-2.4.0.1.31", "P-13373V-1.7.0", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-14286V-21.1.8", "P-13444V-24.1.3", "P-2241V-2.6.0.2.5", "P-13373V-1.6.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13373V-1.7.0", "P-5(RDBMS)V-23.4.0-23.26.1", "P-14286V-21.1.8", "P-13444V-24.1.3", "P-13373V-1.6.5", "P-5760V-23.4-23.10" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-14.1.2.0.0", "P-1775V-12.2.1.4.0", "P-5325V-14.1.2.0.0", "P-5242V-14.1.1.0.0", "P-4647V-12.2.1.4.0", "P-1675V-12.2.1.4.0", "P-5242V-12.2.1.4.0", "P-1775V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1479V-7.6.0.0.0", "P-1479V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU137" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5477V-12.7.2-13.0.2", "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "P-13487(Common Core)V-14.5.0.0.0-14.8.0.0.0", "P-10484V-14.8.0.0.0", "P-10484V-14.10.0.0.0-14.12.0.0.0", "P-14134V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1847V-16.0", "P-1788V-15.0", "P-1788V-16.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU72" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.5.0.1.16", "P-2241V-2.4.0.1.31", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.5", "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5(RDBMS)V-23.4.0-23.26.1" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-807V-14.1.2.0.0", "P-5477V-12.7.2-13.0.2", "P-9019V-17.0-26.2", "P-1775V-12.2.1.4.0", "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "P-5325V-14.1.2.0.0", "P-1479V-7.6.0.0.0", "P-1847V-16.0", "P-13487(Common Core)V-14.5.0.0.0-14.8.0.0.0", "P-1788V-15.0", "P-10484V-14.8.0.0.0", "P-1788V-16.0", "P-10484V-14.10.0.0.0-14.12.0.0.0", "P-13784V-25.4.0.0.2", "P-4647V-12.2.1.4.0", "P-1479V-8.2.0.0.0", "P-4781V-9.2.0.0-9.2.26.1", "P-1775V-14.1.2.0.0", "P-13784V-7.0.0.1.5", "P-14134V-14.5.0.0.0-14.8.0.0.0", "P-13784V-7.0.0.0.7" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-2241V-2.5.0.1.16", "P-2241V-2.4.0.1.31", "P-13373V-1.7.0", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-14286V-21.1.8", "P-13444V-24.1.3", "P-2241V-2.6.0.2.5", "P-13373V-1.6.5" ] }, { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-5760V-23.4-23.10" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-2241V-2.5.0.1.16", "P-2241V-2.4.0.1.31", "P-13373V-1.7.0", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-14286V-21.1.8", "P-13444V-24.1.3", "P-2241V-2.6.0.2.5", "P-13373V-1.6.5" ] } ] }, { "cve": "CVE-2025-48976", "ids": [ { "system_name": "Oracle Bug ID of Oracle FLEXCUBE Enterprise Limits and Collateral Management", "text": "38189960" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38183613" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38189919" }, { "system_name": "Oracle Bug ID of Oracle Adapter for Eclipse RDF4J", "text": "38200221" }, { "system_name": "Oracle Bug ID of Oracle Banking Collections and Recovery", "text": "38183612" }, { "system_name": "Oracle Bug ID of Oracle Banking Supply Chain Finance", "text": "38189917" }, { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "38183618" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "38189918" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38189915" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38189931" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38512819" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38189932" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Collections and Recovery product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons FileUpload)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Collections and Recovery. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Collections and Recovery. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Apache Commons FileUpload)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Supply Chain Finance product of Oracle Financial Services Applications (component: Security (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Supply Chain Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Supply Chain Finance. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Core (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Apache Commons FileUpload)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Apache Commons FileUpload)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Adapter for Eclipse RDF4J (component: Adapter for Eclipse RDF (Apache Commons FileUpload)). The supported version that is affected is 3.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Adapter for Eclipse RDF4J. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Adapter for Eclipse RDF4J. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-14286V-3.12.0", "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "P-14122V-24.2.1", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14742V-14.6.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-9100V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204", "P-13487(Core)V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14742V-14.6.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-9100V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0", "P-13487(Core)V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14286V-3.12.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-13872V-14.5.0.0.0-14.8.0.0.0", "P-14286V-3.12.0", "P-14122V-24.2.1", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14742V-14.6.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-9100V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204", "P-13487(Core)V-14.5.0.0.0-14.8.0.0.0" ] }, { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13487(Platform)V-14.5.0.0.0-14.8.0.0.0" ] } ] }, { "cve": "CVE-2025-5115", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14286V-21.1.8" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14117(Signaling)V-25.1.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Credit Facilities Process Management", "text": "38419945" }, { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "38391828" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38436253" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Element Management System", "text": "38419968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38448600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38448599" }, { "system_name": "Oracle Bug ID of Oracle Adapter for Eclipse RDF4J", "text": "38419990" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle REST Data Services (component: Third Party (Eclipse Jetty)). Supported versions that are affected are 24.2.0, 24.2.1, 24.3.0, 24.3.1, 24.4.0, 25.1.1, 25.2.0, 25.2.1, 25.2.2, 25.2.3 and . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Credit Facilities Process Management product of Oracle Financial Services Applications (component: Common (Eclipse Jetty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Credit Facilities Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Credit Facilities Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Eclipse Jetty)). The supported version that is affected is 47.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Element Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Adapter for Eclipse RDF4J (component: Adapter for Eclipse RDF (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Eclipse Jetty)). Supported versions that are affected are 25.1.201 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (Eclipse Jetty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-11125V-47.0.0.1.0", "P-14123V-25.1.201", "P-9456V-25.2.3", "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-14117(Install)V-25.1.200", "P-9456V-25.2.1", "P-14123V-25.2.100" ], "known_not_affected": [ "P-14117(Signaling)V-25.1.200", "P-14286V-21.1.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-25.2.2", "P-9456V-24.2.0", "P-9456V-25.2.1", "P-14286V-21.1.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13703V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11125V-47.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU100" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117(Signaling)V-25.1.200", "P-14117(Install)V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.2.100", "P-14123V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-11125V-47.0.0.1.0", "P-14123V-25.1.201", "P-9456V-25.2.3", "P-13703V-14.5.0.0.0-14.8.0.0.0", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-14117(Install)V-25.1.200", "P-9456V-25.2.1", "P-14123V-25.2.100" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117(Signaling)V-25.1.200", "P-14286V-21.1.8" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14286V-21.1.8" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14117(Signaling)V-25.1.200" ] } ] }, { "cve": "CVE-2025-52967", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38980568" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (mlflow)). Supported versions that are affected are 6.1.1-7.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-52999", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-12752V-12.2.0.1.16-12.2.0.1.49" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "39067740" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "38888633" }, { "system_name": "Oracle Bug ID of Oracle Global Lifecycle Management OPatchAuto", "text": "39032009" }, { "system_name": "Oracle Bug ID of Primavera P6 Enterprise Project Portfolio Management", "text": "38868933" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access (jackson-core)). Supported versions that are affected are 21.12.0.0-21.12.21.6, 22.12.0.0-22.12.21.1, 23.12.0.0-23.12.18.0, 24.12.0.0-24.12.13.0 and 25.12.0.0-25.12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Document Service (jackson-core)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (jackson-core)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Security Framework (jackson-core)). The supported version that is affected is 13.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5579V-23.12.0.0-23.12.18.0", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5325V-12.2.1.4.0", "P-1370V-13.5", "P-5579V-24.12.0.0-24.12.13.0" ], "known_not_affected": [ "P-12752V-12.2.0.1.16-12.2.0.1.49" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5579V-23.12.0.0-23.12.18.0", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5579V-24.12.0.0-24.12.13.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU121" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-12752V-12.2.0.1.16-12.2.0.1.49" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-13.5" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "P-5579V-23.12.0.0-23.12.18.0", "P-5579V-21.12.0.0-21.12.21.6", "P-5579V-22.12.0.0-22.12.21.1", "P-5579V-25.12.0.0-25.12.2.0", "P-5579V-24.12.0.0-24.12.13.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5325V-12.2.1.4.0", "P-1370V-13.5" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-12752V-12.2.0.1.16-12.2.0.1.49" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-12752V-12.2.0.1.16-12.2.0.1.49" ] } ] }, { "cve": "CVE-2025-5318", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Communications Broker", "text": "39070578" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS. CVSS 3.1 Base Score 8.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Third Party (libssh)). Supported versions that are affected are 4.2.0 and 5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10758V-4.2.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10758V-5.0.0", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10758V-4.2.0", "P-10758V-5.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU88" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10758V-4.2.0", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-13444V-24.1.3", "P-10758V-5.0.0", "P-8479V-8.4.0-8.4.7" ] }, { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-11118V-11.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-11114V-14.0", "P-10750V-9.3.0", "P-14118(Signaling)V-25.1.204" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-5351", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-53643", "ids": [ { "system_name": "Oracle Bug ID of Oracle Utilities Live Energy Connect", "text": "38392866" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Utilities Live Energy Connect product of Oracle Utilities Applications (component: Python Scripting (AIOHTTP)). Supported versions that are affected are 7.1.0.0.45 and 25.12.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Live Energy Connect. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Live Energy Connect accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14257V-25.12.0.0.0", "P-14257V-7.1.0.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14257V-25.12.0.0.0", "P-14257V-7.1.0.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14257V-25.12.0.0.0", "P-14257V-7.1.0.0.45" ] } ] }, { "cve": "CVE-2025-5372", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38818732" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (libssh)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via SSH to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3", "P-14597V-6.1.1-7.0.0" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-53864", "ids": [ { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "38364633" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Security (Nimbus JOSE+JWT)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. While the vulnerability is in Oracle Data Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2196V-14.1.2.0.0", "P-2196V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2196V-12.2.1.4.0", "P-2196V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-2196V-12.2.1.4.0", "P-2196V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2025-54090", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38876344" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ] }, { "cve": "CVE-2025-5449", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-54571", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38722955" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (ModSecurity)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hyperion Infrastructure Technology, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000" ] } ] }, { "cve": "CVE-2025-55130", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935843" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "38993379" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Node.js)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install (Node.js)). The supported version that is affected is 25.1.202. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.202", "P-14597V-6.1.1-7.0.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14277V-25.1.202" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2025-55131", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2025-55132", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2025-55163", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Payments", "text": "38312703" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38312725" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38312722" }, { "system_name": "Oracle Bug ID of Oracle Banking Trade Finance Process Management", "text": "38312706" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38312707" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38312699" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38312721" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38611435" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38457877" }, { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38882733" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (Netty)). Supported versions that are affected are 14.6.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Origination. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Payments (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Trade Finance Process Management product of Oracle Financial Services Applications (component: Dashboard (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Trade Finance Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance Process Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Core (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Netty)). Supported versions that are affected are 25.1.200 and 25.2.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Netty)). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Netty)). Supported versions that are affected are 25.1.100 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Netty)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Netty)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13011V-14.5.0.0.0-14.8.0.0.0", "P-14125V-25.1.200", "P-9019V-17.0-26.2", "P-14117V-25.2.100", "P-14125V-25.2.200", "P-2025V-8.2.0.0.0", "P-14117V-25.1.100", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204", "P-14123V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13011V-14.5.0.0.0-14.8.0.0.0", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13011V-14.5.0.0.0-14.8.0.0.0", "P-14125V-25.1.200", "P-14125V-25.2.200", "P-14325V-14.6.0.0.0-14.8.0.0.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13718V-14.5.0.0.0-14.8.0.0.0", "P-14118(Signaling)V-25.1.204", "P-14123V-25.1.201" ] } ] }, { "cve": "CVE-2025-55182", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39138021" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (React)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2025-55183", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39138021" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (React)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2025-55184", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39138021" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (React)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2025-55753", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740529" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38740538" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14123V-25.2.100", "P-14119V-25.1.200", "P-14117V-25.1.202" ], "known_not_affected": [ "P-4379V-21.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-55754", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38962881" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Pulsar)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-58050", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Database)V-21.3-21.21" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14250V-25.1.201", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38989595" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "39105071" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39105074" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "39105073" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39105087" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "39105075" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "39105078" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "39105077" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (PCRE2)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (PCRE2)). Supported versions that are affected are 5.2 and 6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Operations Monitor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2" ], "known_not_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14250V-25.1.201", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-5(Database)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Database)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU112" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14250V-25.1.201", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-5(Database)V-21.3-21.21" ] }, { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "P-10761V-6.0", "P-10761V-5.2" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Database)V-21.3-21.21" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14250V-25.1.201", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ] } ] }, { "cve": "CVE-2025-58056", "ids": [ { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38672473" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38611435" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38457877" }, { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38882733" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Netty)). Supported versions that are affected are 25.1.100 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Netty)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Netty)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-26.2", "P-2025V-8.2.0.0.0", "P-14117V-25.2.100", "P-14117V-25.1.100", "P-13487V-14.5.0.0.0-14.8.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-58057", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38551204" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38978772" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "38769569" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38672473" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38611435" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38457877" }, { "system_name": "Oracle Bug ID of Siebel CRM Deployment", "text": "38882733" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Netty)). Supported versions that are affected are 25.1.100 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Netty)). The supported version that is affected is 15.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Netty)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Netty)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications (component: Patch Request (Netty)). Supported versions that are affected are 8.0.0.6.0 and 8.1.0.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Service Catalog and Design. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Keyword Automation (Netty)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Deployment. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Netty)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9019V-17.0-26.2", "P-14117V-25.2.100", "P-2283V-8.0.0.6.0", "P-2025V-8.2.0.0.0", "P-14117V-25.1.100", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-13788V-15.0", "P-14597V-6.1.1-7.0.0", "P-2283V-8.1.0.5.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.6.0", "P-2283V-8.1.0.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU60" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9019V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-9019V-17.0-26.2", "P-14117V-25.2.100", "P-2283V-8.0.0.6.0", "P-2025V-8.2.0.0.0", "P-14117V-25.1.100", "P-13788V-15.0", "P-2283V-8.1.0.5.0" ] }, { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-58098", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740529" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38876344" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38740538" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14123V-25.1.200", "P-14123V-25.2.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-4379V-21.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14123V-25.1.200", "P-14123V-25.2.100", "P-14119V-25.1.200" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-58181", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38883829" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Golang Crypto)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via SSH to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-14597V-7.0.0" ] } ] }, { "cve": "CVE-2025-58183", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58185", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58186", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58187", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58188", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58189", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-58754", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CC Common Application Objects", "text": "38648363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Common Application Objects (Axios)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise CC Common Application Objects. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8911V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8911V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8911V-9.2" ] } ] }, { "cve": "CVE-2025-59419", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38611412" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (netty-codec-smtp)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2025-59465", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935843" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Node.js)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2025-59466", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935843" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Node.js)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2025-59474", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38448600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38448599" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Eclipse Jetty)). Supported versions that are affected are 25.1.201 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (Eclipse Jetty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.2.100", "P-14117V-25.1.200", "P-14123V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.2.100", "P-14123V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-59475", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38448600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38448599" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Eclipse Jetty)). Supported versions that are affected are 25.1.201 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (Eclipse Jetty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.2.100", "P-14117V-25.1.200", "P-14123V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.2.100", "P-14123V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-59476", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38448600" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38448599" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Eclipse Jetty)). Supported versions that are affected are 25.1.201 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (Eclipse Jetty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.2.100", "P-14117V-25.1.200", "P-14123V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.2.100", "P-14123V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-59775", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740529" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38740538" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38876444" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. Note: This vulnerability applies to Windows only. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14123V-25.1.200", "P-14123V-25.2.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-4379V-21.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-5987", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38263952" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38263964" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38263944" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38263970" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38263934" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38263956" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38263967" }, { "system_name": "Oracle Bug ID of MySQL Cluster", "text": "38263935" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38263968" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38263958" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (libssh)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (libssh)). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as unauthorized read access to a subset of MySQL Cluster accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (libssh)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (libssh)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (libssh)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (libssh)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (libssh)). Supported versions that are affected are 9.3.0, 10.0.0 and 10.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (libssh)). Supported versions that are affected are 17.0-17.1. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (libssh)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications EAGLE LNP Application Processor accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE LNP Application Processor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (libssh)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows low privileged attacker with network access via SFTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications LSMS.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-14117V-25.1.202", "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-14123V-25.1.200", "P-11122V-17.0-17.1", "P-10750V-9.3.0", "P-8479V-8.4.0-8.4.7", "P-14118(Signaling)V-25.1.204", "P-14117V-25.2.100", "P-11118V-11.0", "P-11114V-14.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8479V-8.0.0-8.0.44", "P-8479V-9.0.0-9.5.0", "P-8479V-8.4.0-8.4.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0-17.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-6021", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-6052", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-6069", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "38540239" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38540269" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core DBTier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core DBTier.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62", "P-14974V-25.2.100" ], "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU108" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-61723", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-61724", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-61725", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-61727", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "38960654" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: Third-party components (Golang Go)). Supported versions that are affected are 18.1.4 and 22.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle TimesTen In-Memory Database accessible data as well as unauthorized access to critical data or complete access to all Oracle TimesTen In-Memory Database accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13444V-24.1.3", "P-1870V-22.1.1", "P-1870V-18.1.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-18.1.4", "P-13444V-24.1.3", "P-1870V-22.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-61729", "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38755266" }, { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "38960654" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: Third-party components (Golang Go)). Supported versions that are affected are 18.1.4 and 22.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle TimesTen In-Memory Database accessible data as well as unauthorized access to critical data or complete access to all Oracle TimesTen In-Memory Database accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-18.1.4", "P-13444V-24.1.3", "P-1870V-22.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-18.1.4", "P-13444V-24.1.3", "P-1870V-22.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-61732", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "38960654" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: Third-party components (Golang Go)). Supported versions that are affected are 18.1.4 and 22.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle TimesTen In-Memory Database accessible data as well as unauthorized access to critical data or complete access to all Oracle TimesTen In-Memory Database accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-18.1.4", "P-1870V-22.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-18.1.4", "P-1870V-22.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2025-61795", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "inline_mitigations_already_exist", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Element Management System", "text": "38599920" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management (SPMS)", "text": "39105042" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "39105046" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38599910" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache Tomcat)). The supported version that is affected is 47.0.0.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications EAGLE Element Management System. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). Supported versions that are affected are 23.1.5-23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Shipboard Property Management (SPMS) accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Tomcat)). Supported versions that are affected are 7.0.0.0.7, 7.0.0.1.5 and 25.4.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Testing Accelerator accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11705V-23.1.5-23.3.0", "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-11125V-47.0.0.1.0", "P-13784V-7.0.0.0.7" ], "known_not_affected": [ "P-14252V-25.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11125V-47.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU100" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11705V-23.1.5-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU122" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14252V-25.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-11125V-47.0.0.1.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "Built-in inline controls or mitigations prevent an adversary from leveraging the vulnerability.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-61984", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38523363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (OpenSSH)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10900V-15.0.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0" ] } ] }, { "cve": "CVE-2025-62728", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(Java VM)V-12.2.0.1.0", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5(Java VM)V-12.1.0.2.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38874695" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "38874707" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Java VM (Apache Hive) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General (Apache Hive)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(Java VM)V-12.2.0.1.0", "P-5(Java VM)V-12.1.0.2.0", "P-14015V-19.1.0.0.0-19.1.0.0.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-12.2.0.1.0", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5(Java VM)V-12.1.0.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-12.2.0.1.0", "P-5(Java VM)V-12.1.0.2.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(Java VM)V-12.2.0.1.0", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5(Java VM)V-12.1.0.2.0" ] } ] }, { "cve": "CVE-2025-6395", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38206350" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38206352" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (GnuTLS)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (GnuTLS)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Service Communication Proxy accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-64505", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38722266" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (libpng)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2025-64506", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38722266" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (libpng)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2025-64720", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38722266" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (libpng)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2025-64775", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38727137" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Struts)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000" ] } ] }, { "cve": "CVE-2025-65018", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38722266" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (libpng)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2025-65082", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740529" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38740538" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740528" }, { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38876636" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core (Apache HTTP Server)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0", "P-14123V-25.1.200", "P-14123V-25.2.100", "P-14119V-25.1.200" ], "known_not_affected": [ "P-4379V-21.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-66199", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2025-66200", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740530" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740529" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38740538" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740528" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Service Communication Proxy accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (Apache HTTP Server)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Unified Data Repository accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache HTTP Server)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14123V-25.1.200", "P-14117V-25.2.100", "P-14123V-25.2.100", "P-14119V-25.1.200", "P-14117V-25.1.202" ], "known_not_affected": [ "P-4379V-21.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4379V-21.8.1.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4379V-21.8.1.0.0" ] } ] }, { "cve": "CVE-2025-66293", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2025-66418", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38740312" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "38740351" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38740360" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38740305" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740316" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740317" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740315" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38740326" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (urllib3)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (urllib3)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (urllib3)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (urllib3)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (urllib3)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (urllib3)). Supported versions that are affected are 2.5.0.1.16, 2.5.0.2.10, 2.6.0.1.10 and 2.6.0.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (urllib3)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-2241V-2.5.0.1.16", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-5085V-8.61-8.62", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.6", "P-14119V-25.1.200", "P-14597V-6.1.1-7.0.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.5.0.1.16", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-2241V-2.5.0.1.16", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-5085V-8.61-8.62", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.6", "P-14119V-25.1.200", "P-14118(Signaling)V-25.1.204" ] }, { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-66453", "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39028938" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle REST Data Services (component: REST Services (Rhino)). Supported versions that are affected are 24.2.0, 24.2.1, 24.3.0, 24.3.1, 24.4.0, 25.1.1, 25.2.0, 25.2.1, 25.2.2, 25.2.3, 25.3.0, 25.3.1 and 25.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle REST Data Services. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2025-66471", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38740312" }, { "system_name": "Oracle Bug ID of Oracle Utilities Network Management System", "text": "38740351" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38740360" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38740305" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38740316" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38740317" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38740315" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38740326" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (urllib3)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (urllib3)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (urllib3)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: ATS Framework (urllib3)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (urllib3)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (urllib3)). Supported versions that are affected are 2.5.0.1.16, 2.5.0.2.10, 2.6.0.1.10 and 2.6.0.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (urllib3)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-2241V-2.5.0.1.16", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-5085V-8.61-8.62", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.6", "P-14119V-25.1.200", "P-14597V-6.1.1-7.0.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2241V-2.5.0.1.16", "P-2241V-2.5.0.2.10", "P-2241V-2.6.0.1.10", "P-2241V-2.6.0.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-66516", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14118(Install)V-25.1.204", "P-14277V-25.1.201" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13304V-14.8.0.0.0", "P-13487V-14.5.0.15.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38744497" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "38744499" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "38751409" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38839965" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install (Apache Tika)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install (Apache Tika)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Common (Apache Tika)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Apache Tika)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14118(Install)V-25.1.204", "P-13304V-14.8.0.0.0", "P-14277V-25.1.201", "P-13487V-14.5.0.15.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.8.0.0.0", "P-13487V-14.5.0.15.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14118(Install)V-25.1.204", "P-14277V-25.1.201" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13304V-14.8.0.0.0", "P-13487V-14.5.0.15.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14118(Install)V-25.1.204", "P-14277V-25.1.201" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13304V-14.8.0.0.0", "P-13487V-14.5.0.15.0" ] } ] }, { "cve": "CVE-2025-66566", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-14118(Signaling)V-25.1.204" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "38776220" }, { "system_name": "Oracle Bug ID of Oracle Communications Service Catalog and Design", "text": "38776235" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38776223" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "38776233" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776232" }, { "system_name": "Oracle Bug ID of Oracle Banking Branch", "text": "38776206" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38776239" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38776227" }, { "system_name": "Oracle Bug ID of Oracle Banking Origination", "text": "38776214" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "38776258" }, { "system_name": "Oracle Bug ID of Oracle Banking Corporate Lending Process Management", "text": "38776208" }, { "system_name": "Oracle Bug ID of Oracle Banking Cash Management", "text": "38776207" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776229" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Banking Branch product of Oracle Financial Services Applications (component: Reports (lz4-java)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Branch. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Branch accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Cash Management product of Oracle Financial Services Applications (component: Common (lz4-java)). The supported version that is affected is 14.8.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Cash Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Cash Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (lz4-java)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending Process Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Origination product of Oracle Financial Services Applications (component: Configuration (lz4-java)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Origination. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Origination accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications (component: Security (lz4-java)). Supported versions that are affected are 15.0.0.0-15.0.1.0 and 15.1.0.0-15.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (lz4-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (lz4-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (lz4-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (lz4-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (lz4-java)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Service Catalog and Design product of Oracle Communications (component: Patch Request (lz4-java)). Supported versions that are affected are 8.0.0.6.0, 8.1.0.5.0 and 8.2.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Service Catalog and Design. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Service Catalog and Design accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (lz4-java)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: General (lz4-java)). Supported versions that are affected are 19.1.0.0.0-19.1.0.0.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle GoldenGate Stream Analytics accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000", "P-2283V-8.0.0.6.0", "P-9742V-15.0.0.0-15.0.1.0", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-2283V-8.2.0.2.0", "P-9742V-15.1.0.0-15.2.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-14325V-14.5.0.0.0-14.8.0.0.0", "P-2283V-8.1.0.5.0" ], "known_not_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-14118(Signaling)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-14325V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-15.0.0.0-15.0.1.0", "P-9742V-15.1.0.0-15.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU69" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2283V-8.0.0.6.0", "P-2283V-8.2.0.2.0", "P-2283V-8.1.0.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU60" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000", "P-2283V-8.0.0.6.0", "P-9742V-15.0.0.0-15.0.1.0", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-13701V-14.5.0.0.0-14.8.0.0.0", "P-2283V-8.2.0.2.0", "P-9742V-15.1.0.0-15.2.0.0", "P-14324V-14.5.0.0.0-14.8.0.0.0", "P-14195V-14.8.2.0.0", "P-14325V-14.5.0.0.0-14.8.0.0.0", "P-2283V-8.1.0.5.0" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-14118(Signaling)V-25.1.204" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-14118(Signaling)V-25.1.204" ] } ] }, { "cve": "CVE-2025-66614", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Database)V-21.3-21.21" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38989595" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39045837" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ], "known_not_affected": [ "P-5(Database)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Database)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Database)V-21.3-21.21" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Database)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-67635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776311" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38776310" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39052235" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776308" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Jenkins)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100", "P-14118(Install)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100" ] } ] }, { "cve": "CVE-2025-67636", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776311" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38776310" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776308" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Jenkins)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-67637", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776311" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38776310" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776308" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Jenkins)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-67638", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776311" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38776310" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776308" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Jenkins)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-67639", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38776311" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "38776310" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38776308" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Jenkins)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (Jenkins)). Supported versions that are affected are 25.1.202 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14117V-25.2.100", "P-14117V-25.1.202", "P-14123V-25.1.200", "P-14123V-25.2.100" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200", "P-14123V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2025-67721", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38944010" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Third Party (Aircompressor)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-67735", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38884555" }, { "system_name": "Oracle Bug ID of Oracle Banking Liquidity Management", "text": "39013656" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38884635" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Netty)). Supported versions that are affected are 21.3-21.20 and 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate Big Data and Application Adapters accessible data as well as unauthorized read access to a subset of Oracle GoldenGate Big Data and Application Adapters accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: AWS SDK (Netty)). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate Big Data and Application Adapters accessible data as well as unauthorized read access to a subset of Oracle GoldenGate Big Data and Application Adapters accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure (Netty)). The supported version that is affected is 14.8.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5760(Java Delivery)V-21.3-21.20", "P-5760(Java Delivery)V-23.4-23.10", "P-5760(AWS SDK)V-23.4-23.10", "P-13304V-14.8.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760(Java Delivery)V-21.3-21.20", "P-5760(Java Delivery)V-23.4-23.10", "P-5760(AWS SDK)V-23.4-23.10" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13304V-14.8.1.0.0" ], "url": "https://support.oracle.com/" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5760(Java Delivery)V-21.3-21.20", "P-5760(Java Delivery)V-23.4-23.10", "P-5760(AWS SDK)V-23.4-23.10", "P-13304V-14.8.1.0.0" ] } ] }, { "cve": "CVE-2025-67779", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39138021" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (React)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2025-68121", "ids": [ { "system_name": "Oracle Bug ID of Oracle TimesTen In-Memory Database", "text": "38960654" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle TimesTen In-Memory Database (component: Third-party components (Golang Go)). Supported versions that are affected are 18.1.4 and 22.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle TimesTen In-Memory Database accessible data as well as unauthorized access to critical data or complete access to all Oracle TimesTen In-Memory Database accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1870V-18.1.4", "P-1870V-22.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1870V-18.1.4", "P-1870V-22.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1870V-18.1.4", "P-1870V-22.1.1" ] } ] }, { "cve": "CVE-2025-68160", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2025-68161", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-25.11" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5(SQLcl)V-23.4.0-23.26.1" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38823357" }, { "system_name": "Oracle Bug ID of Oracle Retail Merchandising System", "text": "38797850" }, { "system_name": "Oracle Bug ID of Oracle Retail Predictive Application Server", "text": "38797852" }, { "system_name": "Oracle Bug ID of Oracle Configuration Manager", "text": "38829781" }, { "system_name": "Oracle Bug ID of Oracle Retail Price Management", "text": "38797853" }, { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "38797811" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Element Management System", "text": "38797614" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38797658" }, { "system_name": "Oracle Bug ID of Oracle Retail Service Backbone", "text": "38797857" }, { "system_name": "Oracle Bug ID of Oracle Communications Instant Messaging Server", "text": "38797616" }, { "system_name": "Oracle Bug ID of Oracle Life Sciences Empirica Signal", "text": "38843679" }, { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38786373" }, { "system_name": "Oracle Bug ID of Oracle Insurance Policy Administration J2EE", "text": "38797817" }, { "system_name": "Oracle Bug ID of Oracle Banking Virtual Account Management", "text": "38840482" }, { "system_name": "Oracle Bug ID of Oracle Data Integrator", "text": "38922761" }, { "system_name": "Oracle Bug ID of Oracle Communications Convergence", "text": "38964086" }, { "system_name": "Oracle Bug ID of Oracle Communications Offline Mediation Controller", "text": "38797621" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38797501" }, { "system_name": "Oracle Bug ID of Oracle Communications Order and Service Management", "text": "38797622" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "38797666" }, { "system_name": "Oracle Bug ID of Oracle Communications Performance Intelligence Center", "text": "38797623" }, { "system_name": "Oracle Bug ID of Oracle Managed File Transfer", "text": "38797503" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38797624" }, { "system_name": "Oracle Bug ID of Management Cloud Engine", "text": "38797505" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "38797629" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38797829" }, { "system_name": "Oracle Bug ID of Siebel CRM Development", "text": "38874203" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38786424" }, { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "38786864" }, { "system_name": "Oracle Bug ID of Oracle WebCenter Sites", "text": "39094850" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "38797872" }, { "system_name": "Oracle Bug ID of Oracle Communications Billing and Revenue Management", "text": "38797599" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Enterprise Case Management", "text": "38797676" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Command Center Framework", "text": "38797633" }, { "system_name": "Oracle Bug ID of Oracle Retail Assortment Planning", "text": "38797831" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Model Management and Governance", "text": "38797711" }, { "system_name": "Oracle Bug ID of Oracle Retail Bulk Data Integration", "text": "38797832" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38797878" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "38829829" }, { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "38797490" }, { "system_name": "Oracle Bug ID of Oracle Communications BRM - Elastic Charging Engine", "text": "38797563" }, { "system_name": "Oracle Bug ID of Primavera Unifier", "text": "38797883" }, { "system_name": "Oracle Bug ID of Oracle Retail EFTLink", "text": "38797840" }, { "system_name": "Oracle Bug ID of Oracle Product Lifecycle Analytics", "text": "38797884" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "38797643" }, { "system_name": "Oracle Bug ID of Oracle Retail Extract Tranform and Load", "text": "38797841" }, { "system_name": "Oracle Bug ID of Oracle Retail Financial Integration", "text": "38797842" }, { "system_name": "Oracle Bug ID of Oracle Retail Fiscal Management", "text": "38797843" }, { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38797887" }, { "system_name": "Oracle Bug ID of Oracle Utilities Application Framework", "text": "38797723" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Stream Analytics", "text": "38797888" }, { "system_name": "Oracle Bug ID of Oracle Retail Integration Bus", "text": "38797845" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "38797725" }, { "system_name": "Oracle Bug ID of Oracle Retail Merchandise Financial Planning", "text": "38797849" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "38797729" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Autonomous Health Framework (component: Trace File Analyzer (Apache Log4j)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the SQLcl (Apache Log4j) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Runtime Engine (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Thirdparty Patch (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Management Cloud Engine product of Oracle Communications (component: Security (Apache Log4j)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications (component: Security issues (Apache Log4j)). Supported versions that are affected are 15.0.0.0-15.0.1.0 and 15.1.0.0-15.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications BRM - Elastic Charging Engine accessible data as well as unauthorized read access to a subset of Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications (component: Platform (Apache Log4j)). Supported versions that are affected are 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0-15.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Billing and Revenue Management accessible data as well as unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Element Management System product of Oracle Communications (component: Security (Apache Log4j)). The supported version that is affected is 47.0.0.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications EAGLE Element Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE Element Management System accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE Element Management System accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications (component: Installation (Apache Log4j)). The supported version that is affected is 10.0.1.8.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Instant Messaging Server accessible data as well as unauthorized read access to a subset of Oracle Communications Instant Messaging Server accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Offline Mediation Controller product of Oracle Communications (component: Installation (Apache Log4j)). Supported versions that are affected are 15.0.0.0.0-15.0.1.0.0 and 15.1.0.0.0-15.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Offline Mediation Controller. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Offline Mediation Controller accessible data as well as unauthorized read access to a subset of Oracle Communications Offline Mediation Controller accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications (component: Security (Apache Log4j)). Supported versions that are affected are 7.5.0 and 8.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Performance Intelligence Center product of Oracle Communications (component: Management (Apache Log4j)). Supported versions that are affected are 10.5.0.0-10.5.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Performance Intelligence Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Performance Intelligence Center accessible data as well as unauthorized read access to a subset of Oracle Communications Performance Intelligence Center accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache Log4j)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications (component: Security Component (Apache Log4j)). Supported versions that are affected are 7.5.0, 7.5.1, 7.6.0, 7.7.0, 7.8.0 and 8.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Inventory Management accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Inventory Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: ECC Core (Apache Log4j)). The supported version that is affected is 15.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Command Center Framework accessible data as well as unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service (Apache Log4j)). Supported versions that are affected are 13.5 and 24.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform (Apache Log4j)). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (Apache Log4j)). Supported versions that are affected are 8.0.8.1, 8.1.2.10 and 8.1.2.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Behavior Detection Platform accessible data as well as unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Installers (Apache Log4j)). Supported versions that are affected are 8.0.8.2, 8.1.2.10 and 8.1.2.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Enterprise Case Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Enterprise Case Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Apache Log4j)). The supported version that is affected is 8.1.2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Model Management and Governance accessible data as well as unauthorized read access to a subset of Oracle Financial Services Model Management and Governance accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: Security (Apache Log4j)). Supported versions that are affected are 4.3.0.5.0-4.3.0.6.0, 4.4.0.0.0-4.4.0.4.0, 4.5.0.0.0-4.5.0.2.0, 25.4, 25.10 and 26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Application Framework accessible data as well as unauthorized read access to a subset of Oracle Utilities Application Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (Apache Log4j)). The supported version that is affected is 8.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle GoldenGate (component: Third Party (Apache Log4j)). Supported versions that are affected are 23.4-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle GoldenGate. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GoldenGate accessible data as well as unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Insurance Policy Administration J2EE product of Oracle Financial Services Applications (component: Architecture (Apache Log4j)). Supported versions that are affected are 11.3.1.0, 11.3.2.0, 12.0.5.0 and 12.1.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Insurance Policy Administration J2EE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration J2EE accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration J2EE accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Log4j)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (Apache Log4j)). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Assortment Planning. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Assortment Planning accessible data as well as unauthorized read access to a subset of Oracle Retail Assortment Planning accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Bulk Data Integration product of Oracle Retail Applications (component: BDI Job Scheduler (Apache Log4j)). Supported versions that are affected are 16.0.3 and 19.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Bulk Data Integration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Bulk Data Integration accessible data as well as unauthorized read access to a subset of Oracle Retail Bulk Data Integration accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Core/Plugin (Apache Log4j)). Supported versions that are affected are 21.0.0-25.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail EFTLink accessible data as well as unauthorized read access to a subset of Oracle Retail EFTLink accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Extract Tranform and Load product of Oracle Retail Applications (component: Mathematical Operators (Apache Log4j)). The supported version that is affected is 13.0.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Extract Tranform and Load. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Extract Tranform and Load accessible data as well as unauthorized read access to a subset of Oracle Retail Extract Tranform and Load accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Financial Integration product of Oracle Retail Applications (component: PeopleSoft Integration (Apache Log4j)). Supported versions that are affected are 16.0.3 and 19.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Financial Integration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Financial Integration accessible data as well as unauthorized read access to a subset of Oracle Retail Financial Integration accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: NF Issuing (Apache Log4j)). The supported version that is affected is 14.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Fiscal Management accessible data as well as unauthorized read access to a subset of Oracle Retail Fiscal Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Integration Bus product of Oracle Retail Applications (component: RIB Kernal (Apache Log4j)). Supported versions that are affected are 16.0.3 and 19.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Integration Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Integration Bus accessible data as well as unauthorized read access to a subset of Oracle Retail Integration Bus accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Merchandise Financial Planning product of Oracle Retail Applications (component: Application Core (Apache Log4j)). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Merchandise Financial Planning. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandise Financial Planning accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandise Financial Planning accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 16.0.3 and 19.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Merchandising System accessible data as well as unauthorized read access to a subset of Oracle Retail Merchandising System accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Fusion Client (Apache Log4j)). The supported version that is affected is 16.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Predictive Application Server accessible data as well as unauthorized read access to a subset of Oracle Retail Predictive Application Server accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Log4j)). The supported version that is affected is 16.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Price Management accessible data as well as unauthorized read access to a subset of Oracle Retail Price Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (Apache Log4j)). Supported versions that are affected are 16.0.3 and 19.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Service Backbone accessible data as well as unauthorized read access to a subset of Oracle Retail Service Backbone accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Log4j)). Supported versions that are affected are 7.0.0.0.7, 7.0.0.1.5 and 25.4.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Testing Accelerator accessible data as well as unauthorized read access to a subset of Oracle Utilities Testing Accelerator accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch (Apache Log4j)). Supported versions that are affected are 8.61-8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform (Apache Log4j)). Supported versions that are affected are 21.12.0-21.12.17, 22.12.0-22.12.15, 23.12.0-23.12.16, 24.12.0-24.12.13 and 25.12.0-25.12.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Product Lifecycle Analytics product of Oracle Supply Chain (component: Installation Issues (Apache Log4j)). The supported version that is affected is 3.6.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Product Lifecycle Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Product Lifecycle Analytics accessible data as well as unauthorized read access to a subset of Oracle Product Lifecycle Analytics accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: EAI (Apache Log4j)). Supported versions that are affected are 17.0-26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM Integration accessible data as well as unauthorized read access to a subset of Siebel CRM Integration accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Stream Analytics product of Oracle GoldenGate (component: Third Party (Apache Log4j)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Log4j)). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: OCM Request Tunnel (Apache Log4j)). Supported versions that are affected are 13.5 and 24.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data as well as unauthorized read access to a subset of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install (Apache Log4j)). Supported versions that are affected are 13.5 and 24.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Platform (Apache Log4j)). Supported versions that are affected are 14.5.0.0.0-14.8.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Banking Virtual Account Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data as well as unauthorized read access to a subset of Oracle Banking Virtual Account Management accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core (Apache Log4j)). Supported versions that are affected are 9.2.1-9.2.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Life Sciences Empirica Signal. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Empirica Signal accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Empirica Signal accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Development product of Oracle Siebel CRM (component: Siebel Approval Manager (Apache Log4j)). Supported versions that are affected are 17.0-26.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Siebel CRM Development. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM Development accessible data as well as unauthorized read access to a subset of Siebel CRM Development accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Security (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Data Integrator accessible data as well as unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Convergence product of Oracle Communications (component: Configuration (Apache Log4j)). The supported version that is affected is 3.0.3.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Convergence accessible data as well as unauthorized read access to a subset of Oracle Communications Convergence accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Thick Client (Apache Log4j)). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1980V-14.1.2.1.0", "P-4516V-7.7.0", "P-2025V-8.2.0.0.0", "P-5325V-12.2.1.4.0", "P-9001V-17.0-26.2", "P-9190V-8.1.2.10", "P-1967V-13.5", "P-9190V-8.1.2.11", "P-10198V-12.2.1.4.0", "P-9190V-8.0.8.1", "P-5242V-12.2.1.4.0", "P-9742V-15.1.0.0-15.2.0.0", "P-5279V-11.3.2.0", "P-14276V-8.1.2.7", "P-9617V-14.1.2.0.0", "P-1967V-24.1", "P-1823V-16.0.3", "P-1803V-13.0.5", "P-10354V-23.12.0-23.12.16", "P-10867V-16.0.3", "P-5242V-14.1.1.0.0", "P-1370(Enterprise Manager Install)V-24.1", "P-2245V-25.10", "P-12968V-16.0.3", "P-10722V-19.0.1", "P-1370(Enterprise Manager Install)V-13.5", "P-2270V-7.5.0", "P-1814V-15.0", "P-9387V-3.6.1", "P-1816V-16.0.3", "P-4516V-7.6.0", "P-1980V-12.2.1.4.0", "P-13545V-8.0.8.2", "P-5279V-12.1.1.0", "P-4516V-8.0.0", "P-5085V-8.61-8.62", "P-9646V-9.2.1-9.2.3", "P-5279V-11.3.1.0", "P-10867V-19.0.1", "P-2136(Platform)V-15.1.0.0.0-15.2.0.0.0", "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-10198V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-8495V-10.0.1.8.0", "P-12968V-19.0.1", "P-13788V-15.0", "P-1824V-16.0.3", "P-1807V-16.0.3", "P-10354V-25.12.0-25.12.3", "P-10354V-24.12.0-24.12.13", "P-9742V-15.0.0.0-15.0.1.0", "P-2196V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-13784V-7.0.0.0.7", "P-13789V-8.0.8", "P-5325V-14.1.2.0.0", "P-1807V-19.0.1", "P-1814V-16.0", "P-8501V-3.0.3.4.0", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-1370(Oracle Management Service)V-13.5", "P-2245V-26.4", "P-13545V-8.1.2.11", "P-13545V-8.1.2.10", "P-5757V-23.4-23.26.1", "P-5279V-12.0.5.0", "P-2269V-15.1.0.0.0-15.2.0.0.0", "P-2245V-4.4.0.0.0-4.4.0.4.0", "P-2270V-8.0.0", "P-5242V-14.1.2.0.0", "P-1788V-15.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-1370(Oracle Management Service)V-24.1", "P-5680V-8.1.2.5", "P-10354V-21.12.0-21.12.17", "P-9617V-12.2.1.4.0", "P-5680V-8.0.8.7", "P-1816V-19.0.1", "P-13784V-7.0.0.1.5", "P-4516V-7.8.0", "P-2025V-7.6.0.0.0", "P-11516V-21.0.0-25.0.0", "P-2269V-15.0.0.0.0-15.0.1.0.0", "P-11044V-10.5.0.0-10.5.0.2", "P-2245V-25.4", "P-14597V-6.1.1", "P-11125V-47.0.0.1.0", "P-9038V-14.2", "P-1788V-16.0", "P-10722V-16.0.3", "P-13784V-25.4.0.0.2", "P-5242V-15.1.1.0.0", "P-10354V-22.12.0-22.12.15", "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-2245V-4.5.0.0.0-4.5.0.2.0", "P-10900V-15.0.0.0.0", "P-5680V-8.0.7.9", "P-9008V-17.0-26.2" ], "known_not_affected": [ "P-14634V-25.11", "P-5(SQLcl)V-23.4.0-23.26.1", "P-14252V-25.2.0.0.0", "P-14015V-19.1.0.0.0-19.1.0.0.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-23.4-23.26.1", "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-14634V-25.11", "P-5(SQLcl)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-14.1.2.0.0", "P-1980V-14.1.2.1.0", "P-10198V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-9617V-14.1.2.0.0", "P-5242V-14.1.2.0.0", "P-5325V-12.2.1.4.0", "P-5242V-15.1.1.0.0", "P-1980V-12.2.1.4.0", "P-5242V-14.1.1.0.0", "P-10198V-12.2.1.4.0", "P-2196V-12.2.1.4.0", "P-9617V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14252V-25.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU119" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9742V-15.0.0.0-15.0.1.0", "P-9742V-15.1.0.0-15.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU69" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-2136(Platform)V-15.1.0.0.0-15.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU63" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11125V-47.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU100" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8495V-10.0.1.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU68" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2269V-15.0.0.0.0-15.0.1.0.0", "P-2269V-15.1.0.0.0-15.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU64" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2270V-8.0.0", "P-2270V-7.5.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU61" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11044V-10.5.0.0-10.5.0.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU113" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-4516V-7.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU67" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13788V-15.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370(Enterprise Manager Install)V-13.5", "P-1370(Enterprise Manager Install)V-24.1", "P-1967V-24.1", "P-1370(Oracle Management Service)V-13.5", "P-1967V-13.5", "P-1370(Oracle Management Service)V-24.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.0.8.1", "P-9190V-8.1.2.10", "P-9190V-8.1.2.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU123" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13545V-8.0.8.2", "P-13545V-8.1.2.11", "P-13545V-8.1.2.10" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU86" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14276V-8.1.2.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU70" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-2245V-4.4.0.0.0-4.4.0.4.0", "P-2245V-4.5.0.0.0-4.5.0.2.0", "P-2245V-25.4", "P-2245V-26.4", "P-2245V-25.10", "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU124" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5279V-12.0.5.0", "P-5279V-12.1.1.0", "P-5279V-11.3.1.0", "P-5279V-11.3.2.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU131" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10722V-19.0.1", "P-1807V-19.0.1", "P-9038V-14.2", "P-12968V-19.0.1", "P-1814V-16.0", "P-1814V-15.0", "P-1788V-15.0", "P-11516V-21.0.0-25.0.0", "P-1816V-16.0.3", "P-1823V-16.0.3", "P-1788V-16.0", "P-1803V-13.0.5", "P-10722V-16.0.3", "P-1824V-16.0.3", "P-1807V-16.0.3", "P-10867V-16.0.3", "P-10867V-19.0.1", "P-1816V-19.0.1", "P-12968V-16.0.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU72" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10354V-22.12.0-22.12.15", "P-10354V-25.12.0-25.12.3", "P-10354V-23.12.0-23.12.16", "P-10354V-24.12.0-24.12.13", "P-10354V-21.12.0-21.12.17" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU121" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9387V-3.6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9001V-17.0-26.2", "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13487V-14.5.0.0.0-14.8.0.0.0" ], "url": "https://support.oracle.com/" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9646V-9.2.1-9.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU132" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8501V-3.0.3.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU97" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14634V-25.11", "P-5(SQLcl)V-23.4.0-23.26.1" ] }, { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1980V-14.1.2.1.0", "P-4516V-7.7.0", "P-2025V-8.2.0.0.0", "P-5325V-12.2.1.4.0", "P-9001V-17.0-26.2", "P-9190V-8.1.2.10", "P-1967V-13.5", "P-9190V-8.1.2.11", "P-10198V-12.2.1.4.0", "P-9190V-8.0.8.1", "P-5242V-12.2.1.4.0", "P-9742V-15.1.0.0-15.2.0.0", "P-5279V-11.3.2.0", "P-14276V-8.1.2.7", "P-9617V-14.1.2.0.0", "P-1967V-24.1", "P-1823V-16.0.3", "P-1803V-13.0.5", "P-10354V-23.12.0-23.12.16", "P-10867V-16.0.3", "P-5242V-14.1.1.0.0", "P-1370(Enterprise Manager Install)V-24.1", "P-2245V-25.10", "P-12968V-16.0.3", "P-10722V-19.0.1", "P-1370(Enterprise Manager Install)V-13.5", "P-2270V-7.5.0", "P-1814V-15.0", "P-9387V-3.6.1", "P-1816V-16.0.3", "P-4516V-7.6.0", "P-1980V-12.2.1.4.0", "P-13545V-8.0.8.2", "P-5279V-12.1.1.0", "P-4516V-8.0.0", "P-5085V-8.61-8.62", "P-9646V-9.2.1-9.2.3", "P-5279V-11.3.1.0", "P-10867V-19.0.1", "P-2136(Platform)V-15.1.0.0.0-15.2.0.0.0", "P-2245V-4.3.0.5.0-4.3.0.6.0", "P-10198V-14.1.2.0.0", "P-4647V-14.1.2.0.0", "P-8495V-10.0.1.8.0", "P-12968V-19.0.1", "P-13788V-15.0", "P-1824V-16.0.3", "P-1807V-16.0.3", "P-10354V-25.12.0-25.12.3", "P-10354V-24.12.0-24.12.13", "P-9742V-15.0.0.0-15.0.1.0", "P-2196V-12.2.1.4.0", "P-4647V-12.2.1.4.0", "P-13784V-7.0.0.0.7", "P-13789V-8.0.8", "P-5325V-14.1.2.0.0", "P-1807V-19.0.1", "P-1814V-16.0", "P-8501V-3.0.3.4.0", "P-4516V-7.5.0", "P-4516V-7.5.1", "P-1370(Oracle Management Service)V-13.5", "P-2245V-26.4", "P-13545V-8.1.2.11", "P-13545V-8.1.2.10", "P-5279V-12.0.5.0", "P-2269V-15.1.0.0.0-15.2.0.0.0", "P-2245V-4.4.0.0.0-4.4.0.4.0", "P-2270V-8.0.0", "P-5242V-14.1.2.0.0", "P-1788V-15.0", "P-13487V-14.5.0.0.0-14.8.0.0.0", "P-1370(Oracle Management Service)V-24.1", "P-5680V-8.1.2.5", "P-10354V-21.12.0-21.12.17", "P-9617V-12.2.1.4.0", "P-5680V-8.0.8.7", "P-1816V-19.0.1", "P-13784V-7.0.0.1.5", "P-4516V-7.8.0", "P-2025V-7.6.0.0.0", "P-11516V-21.0.0-25.0.0", "P-2269V-15.0.0.0.0-15.0.1.0.0", "P-11044V-10.5.0.0-10.5.0.2", "P-2245V-25.4", "P-14597V-6.1.1", "P-11125V-47.0.0.1.0", "P-9038V-14.2", "P-1788V-16.0", "P-10722V-16.0.3", "P-13784V-25.4.0.0.2", "P-5242V-15.1.1.0.0", "P-10354V-22.12.0-22.12.15", "P-2136(Platform)V-15.0.0.0.0-15.0.1.0.0", "P-2245V-4.5.0.0.0-4.5.0.2.0", "P-10900V-15.0.0.0.0", "P-5680V-8.0.7.9", "P-9008V-17.0-26.2" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-14252V-25.2.0.0.0" ] }, { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5757V-23.4-23.26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-25.11" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14015V-19.1.0.0.0-19.1.0.0.14", "P-5(SQLcl)V-23.4.0-23.26.1" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14252V-25.2.0.0.0" ] } ] }, { "cve": "CVE-2025-68431", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "39081824" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (libheif)). The supported version that is affected is 8.5.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.8" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "P-2276V-8.5.8" ] } ] }, { "cve": "CVE-2025-68615", "ids": [ { "system_name": "Oracle Bug ID of Oracle Tuxedo", "text": "38906027" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE Application Processor", "text": "38906013" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE LNP Application Processor", "text": "38906014" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935272" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38906019" }, { "system_name": "Oracle Bug ID of Oracle Communications LSMS", "text": "38906017" }, { "system_name": "Oracle Bug ID of Oracle Communications Messaging Server", "text": "38906018" }, { "system_name": "Oracle Bug ID of Oracle Communications EAGLE", "text": "38906012" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38906020" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE product of Oracle Communications (component: Other (Net-SNMP)). The supported version that is affected is 47.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications EAGLE. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE Application Processor product of Oracle Communications (component: Other (Net-SNMP)). The supported version that is affected is 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE Application Processor. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE Application Processor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications EAGLE LNP Application Processor product of Oracle Communications (component: Patches (Net-SNMP)). The supported version that is affected is 11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in takeover of Oracle Communications EAGLE LNP Application Processor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications LSMS product of Oracle Communications (component: Platform (Net-SNMP)). The supported version that is affected is 14.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications LSMS. Successful attacks of this vulnerability can result in takeover of Oracle Communications LSMS. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications (component: Security (Net-SNMP)). The supported version that is affected is 8.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Developer Infrastructure (Net-SNMP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Net-SNMP)). The supported version that is affected is 15.0.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Tuxedo product of Oracle Fusion Middleware (component: Docs-ATMI-IB (Net-SNMP)). Supported versions that are affected are 22.1.0 and 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in takeover of Oracle Tuxedo. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Net-SNMP)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via UDP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10768V-47.0", "P-8496V-8.1.0.0.0", "P-5433V-22.1.0", "P-5433V-22.1.1", "P-11118V-11.0", "P-10761V-5.2", "P-10761V-6.1", "P-10900V-15.0.0.1.0", "P-11114V-14.0", "P-11122V-17.0", "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10768V-47.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU109" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11122V-17.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU106" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11118V-11.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU118" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11114V-14.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU117" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8496V-8.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU68" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5433V-22.1.0", "P-5433V-22.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10761V-6.0", "P-10768V-47.0", "P-8496V-8.1.0.0.0", "P-5433V-22.1.0", "P-5433V-22.1.1", "P-11118V-11.0", "P-10761V-5.2", "P-10761V-6.1", "P-10900V-15.0.0.1.0", "P-11114V-14.0", "P-11122V-17.0" ] }, { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-7.0.0" ] } ] }, { "cve": "CVE-2025-68973", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "39057941" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "39135615" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (GnuPG)). The supported version that is affected is 25.1.201. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Console executes to compromise Oracle Communications Cloud Native Core Console. While the vulnerability is in Oracle Communications Cloud Native Core Console, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data. CVSS 3.1 Base Score 7.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Configuration (GnuPG)). The supported version that is affected is 25.1.201. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Certificate Management executes to compromise Oracle Communications Cloud Native Core Certificate Management. While the vulnerability is in Oracle Communications Cloud Native Core Certificate Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Certificate Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Certificate Management accessible data. CVSS 3.1 Base Score 7.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU112" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU140" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ] } ] }, { "cve": "CVE-2025-69223", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] } ] }, { "cve": "CVE-2025-69224", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69225", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69226", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69227", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69228", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69229", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69230", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "38850361" }, { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38850363" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (AIOHTTP)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (AIOHTTP)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Cloud Applications.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2", "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ] }, { "cve": "CVE-2025-69418", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2025-69419", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2025-69420", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2025-69421", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2025-6965", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-619(Spatial and Graph)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "38201001" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39069572" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (SQLite)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Spatial and Graph (SQLite) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14122V-24.2.1" ], "known_not_affected": [ "P-619(Spatial and Graph)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-619(Spatial and Graph)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14122V-24.2.1" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-619(Spatial and Graph)V-23.4.0-23.26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-619(Spatial and Graph)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2025-7425", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2025-7962", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM End User", "text": "38663548" }, { "system_name": "Oracle Bug ID of Oracle Retail Xstore Point of Service", "text": "39049779" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM (component: Communications Panel/Dashboard (Jakarta Mail)). Supported versions that are affected are 17.0-25.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Siebel CRM End User. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM End User accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Jakarta Mail)). Supported versions that are affected are 21.0.5 and 22.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Retail Xstore Point of Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9011V-17.0-25.11", "P-11513V-22.0.3", "P-11513V-21.0.5" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9011V-17.0-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11513V-22.0.3", "P-11513V-21.0.5" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU72" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9011V-17.0-25.11", "P-11513V-22.0.3", "P-11513V-21.0.5" ] } ] }, { "cve": "CVE-2025-8058", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38362571" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (glibc)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-8176", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38645290" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38645288" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38645301" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38645295" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38645296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (LibTIFF)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (LibTIFF)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (LibTIFF)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-4449V-21.1.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-14117V-25.2.100", "P-13444V-24.1.3", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4449V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-8177", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38645290" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38645288" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38645301" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38645295" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38645296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (LibTIFF)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (LibTIFF)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (LibTIFF)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-4449V-21.1.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-14117V-25.2.100", "P-13444V-24.1.3", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4449V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-8194", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38540229" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "38540239" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38540269" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core DBTier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core DBTier. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62", "P-14974V-25.2.100" ], "known_not_affected": [ "P-13444V-24.1.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-25.2.100" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU108" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-13444V-24.1.3" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62", "P-14974V-25.2.100" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-8869", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Cloud Applications", "text": "38904096" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager (pip)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Cloud Applications accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14107V-17.0-26.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14107V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14107V-17.0-26.2" ] } ] }, { "cve": "CVE-2025-8885", "ids": [ { "system_name": "Oracle Bug ID of Oracle SOA Suite", "text": "39006777" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: B2B Engine (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1162V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1162V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ] }, { "cve": "CVE-2025-8916", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "39083968" }, { "system_name": "Oracle Bug ID of Oracle Middleware Common Libraries and Tools", "text": "38316886" }, { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38700026" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Thirdparty Patch (Bouncy Castle Java Library)). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Middleware Common Libraries and Tools. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Java Delivery (Bouncy Castle Java Library)). Supported versions that are affected are 21.3-21.20 and 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate Big Data and Application Adapters. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GoldenGate Big Data and Application Adapters. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-12.2.1.4.0", "P-4647V-14.1.2.0.0", "P-5242V-14.1.1.0.0", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4647V-14.1.2.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-4647V-14.1.2.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] } ] }, { "cve": "CVE-2025-8961", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38645290" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38645288" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38645301" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38645295" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38645296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (LibTIFF)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (LibTIFF)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (LibTIFF)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-4449V-21.1.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-14117V-25.2.100", "P-13444V-24.1.3", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4449V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2025-9086", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38448050" }, { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38448055" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (curl)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (curl)). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-4392V-11.2.24.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" } ], "scores": [ { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000" ] } ] }, { "cve": "CVE-2025-9230", "ids": [ { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38829272" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38511616" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "38511582" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (OpenSSL)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Autonomous Health Framework (component: Command Line Interface and SDK (pynacl)). Supported versions that are affected are 25.11-26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autonomous Health Framework.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.26.1", "P-14634V-25.11-26.1", "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU137" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.11-26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-4781V-9.2.0.0-9.2.26.1" ] }, { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2025-9231", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38511616" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "38511582" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (OpenSSL)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.26.1", "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU137" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2025-9232", "ids": [ { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38829272" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38511616" }, { "system_name": "Oracle Bug ID of JD Edwards EnterpriseOne Tools", "text": "38511582" } ], "notes": [ { "category": "description", "text": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security (OpenSSL)). Supported versions that are affected are 9.2.0.0-9.2.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (OpenSSL)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in Oracle Autonomous Health Framework (component: Command Line Interface and SDK (pynacl)). Supported versions that are affected are 25.11-26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autonomous Health Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autonomous Health Framework. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4781V-9.2.0.0-9.2.26.1", "P-14634V-25.11-26.1", "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4781V-9.2.0.0-9.2.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU137" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.11-26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14634V-25.11-26.1" ] } ] }, { "cve": "CVE-2025-9670", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1348V-24.2.13", "P-1348V-23.2.20", "P-1348V-24.1.15" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Express", "text": "38834130" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Application Express product of Oracle APEX (component: General (turndown)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1348V-24.2.13", "P-1348V-24.1.15", "P-1348V-23.2.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-24.2.13", "P-1348V-23.2.20", "P-1348V-24.1.15" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1348V-24.2.13", "P-1348V-23.2.20", "P-1348V-24.1.15" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1348V-24.2.13", "P-1348V-23.2.20", "P-1348V-24.1.15" ] } ] }, { "cve": "CVE-2025-9900", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38645290" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38645288" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "38645301" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "38645295" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "38645296" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (LibTIFF)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (LibTIFF)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (LibTIFF)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install (LibTIFF)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-4449V-21.1.0", "P-14118(Signaling)V-25.1.204" ], "known_not_affected": [ "P-14117V-25.2.100", "P-13444V-24.1.3", "P-14117V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4449V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-4449V-21.1.0", "P-14118(Signaling)V-25.1.204" ] }, { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.202", "P-13444V-24.1.3" ] } ] }, { "cve": "CVE-2026-0540", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-1348V-24.2.15", "P-1348V-23.2.21", "P-1348V-24.1.16" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Express", "text": "39049714" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Application Express product of Oracle APEX (component: General (DOMPurify)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-1348V-24.2.15", "P-1348V-24.1.16", "P-1348V-23.2.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1348V-24.2.15", "P-1348V-23.2.21", "P-1348V-24.1.16" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-1348V-24.2.15", "P-1348V-23.2.21", "P-1348V-24.1.16" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-1348V-24.2.15", "P-1348V-23.2.21", "P-1348V-24.1.16" ] } ] }, { "cve": "CVE-2026-0861", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "38910195" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "38910172" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38910183" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (glibc)). The supported version that is affected is 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Operations Monitor executes to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (glibc)). Supported versions that are affected are 25.1.200 and 25.2.200. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications (component: Third Party (glibc)). Supported versions that are affected are 7.7.0, 7.8.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-25.1.200", "P-14125V-25.2.200", "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0", "P-10762V-6.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-6.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU110" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU67" } ], "scores": [ { "cvss_v3": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200", "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0", "P-10762V-6.1.0.0.0" ] } ] }, { "cve": "CVE-2026-0915", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Inventory Management", "text": "38910195" }, { "system_name": "Oracle Bug ID of Oracle Enterprise Operations Monitor", "text": "38910172" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38910183" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: Mediation Engine (glibc)). The supported version that is affected is 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Enterprise Operations Monitor executes to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (glibc)). Supported versions that are affected are 25.1.200 and 25.2.200. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications (component: Third Party (glibc)). Supported versions that are affected are 7.7.0, 7.8.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Inventory Management executes to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14125V-25.1.200", "P-14125V-25.2.200", "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0", "P-10762V-6.1.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10762V-6.1.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU110" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4516V-7.7.0", "P-4516V-7.8.0", "P-4516V-8.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU67" } ] }, { "cve": "CVE-2026-1580", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38961492" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Ingress NGINX Controller)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-1642", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39012582" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (nginx)). Supported versions that are affected are 5.2, 6.0 and 6.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Operations Monitor accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] } ] }, { "cve": "CVE-2026-20608", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2026-20635", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2026-20636", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2026-20644", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2026-20652", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-856V-8u481-b50" ] } ] }, { "cve": "CVE-2026-20676", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39108945" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: JavaFX (WebKitGTK)). Supported versions that are affected are Oracle Java SE: 8u481-b50. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ] }, { "cve": "CVE-2026-21441", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-14634V-25.11" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14974V-25.1.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39071801" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "39145790" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Unified Data Repository", "text": "39145784" }, { "system_name": "Oracle Bug ID of Oracle Autonomous Health Framework", "text": "38839907" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38875331" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core DBTier", "text": "39145778" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38740326" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (urllib3)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Autonomous Health Framework (component: Command Line Interface and SDK (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pipeline Test Failures (urllib3)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (urllib3)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core DBTier product of Oracle Communications (component: Install (urllib3)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (urllib3)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (urllib3)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-8.2.0.0.0", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200", "P-14597V-6.1.1-7.0.0", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-14634V-25.11", "P-14974V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14634V-25.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14974V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU108" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14119V-25.1.100", "P-14119V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU115" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14974V-25.1.200", "P-14634V-25.11" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-2025V-8.2.0.0.0", "P-14277V-25.1.200", "P-14119V-25.1.100", "P-14119V-25.1.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-14634V-25.11" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14974V-25.1.200" ] } ] }, { "cve": "CVE-2026-21452", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate Big Data and Application Adapters", "text": "38825290" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39071816" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate (component: Third Party (MessagePack)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (MessagePack)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200" ], "known_not_affected": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14277V-25.1.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5760V-19.1.0.0.0-19.1.0.0.21", "P-5760V-23.4-23.10", "P-5760V-21.3-21.20" ] } ] }, { "cve": "CVE-2026-21636", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935843" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Node.js)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-21637", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38935843" }, { "system_name": "Oracle Bug ID of Oracle Blockchain Platform", "text": "38875863" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38875866" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). The supported version that is affected is 24.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Node.js)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Node.js)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0", "P-13444V-24.1.3" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13444V-24.1.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-21925", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2026-21932", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2026-21933", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2026-21939", "ids": [ { "system_name": "Oracle Bug ID of Oracle Fusion Middleware", "text": "39074465" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Fusion Middleware (component: Oracle Database Client for Fusion Middleware). The supported version that is affected is 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Fusion Middleware executes to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Fusion Middleware. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1032V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1032V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1032V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2026-21945", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Certificate Management", "text": "39142570" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Console", "text": "39057975" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Oracle Java SE). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Certificate Management product of Oracle Communications (component: Oracle Java SE). The supported version that is affected is 25.1.201. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Certificate Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Certificate Management. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ], "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14250V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU112" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14868V-25.1.201" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU140" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14868V-25.1.201", "P-14250V-25.1.201" ] } ] }, { "cve": "CVE-2026-21947", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38838189" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(GraalVM Multilingual Engine)V-23.4.0-23.26.1", "P-5(GraalVM Multilingual Engine)V-21.3-21.21" ] } ] }, { "cve": "CVE-2026-21969", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Product Lifecycle Management for Process", "text": "38899535" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4445V-6.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4445V-6.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" } ] }, { "cve": "CVE-2026-21997", "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences Empirica Signal", "text": "38608206" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences Empirica Signal. While the vulnerability is in Oracle Life Sciences Empirica Signal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Life Sciences Empirica Signal accessible data as well as unauthorized read access to a subset of Oracle Life Sciences Empirica Signal accessible data. CVSS 3.1 Base Score 8.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9646V-9.2.1-9.2.3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9646V-9.2.1-9.2.3" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU132" } ], "scores": [ { "cvss_v3": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", "version": "3.1" }, "products": [ "P-9646V-9.2.1-9.2.3" ] } ] }, { "cve": "CVE-2026-21998", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35367340" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-21999", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "37374272" } ], "notes": [ { "category": "description", "text": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all XML Database accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(XML Database)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(XML Database)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5(XML Database)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-22001", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35243416" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-22002", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37824170" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-22003", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38009375" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 6.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 6.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50" ] } ] }, { "cve": "CVE-2026-22004", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38169053" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ] } ] }, { "acknowledgments": [ { "names": [ "HoraceYang" ], "organization": "Tencent Security YUNDING LAB" }, { "names": [ "Xiaodong Qi" ], "organization": "Shui Mu Yu Lin" }, { "names": [ "Yuanyi Li" ], "organization": "Shui Mu Yu Lin" } ], "cve": "CVE-2026-22005", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "35634700" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-22006", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Human Resources", "text": "38607254" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Employee Snapshot). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5071V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5071V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5071V-9.2" ] } ] }, { "acknowledgments": [ { "names": [ "Ken Pyle" ] } ], "cve": "CVE-2026-22007", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38387167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-22008", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38392963" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-25.0.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-25.0.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-856V-25.0.1" ] } ] }, { "acknowledgments": [ { "names": [ "Jingzhou Fu" ], "organization": "WingTecher Lab" }, { "names": [ "Zhiyong Wu" ], "organization": "WingTecher Lab" } ], "cve": "CVE-2026-22009", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38465152" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "acknowledgments": [ { "names": [ "Co-tang X" ] } ], "cve": "CVE-2026-22010", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "39002777" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "acknowledgments": [ { "names": [ "Maxime Escourbiac" ], "organization": "Michelin CERT" }, { "names": [ "Yassine Bengana" ], "organization": "Michelin CERT" } ], "cve": "CVE-2026-22011", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications DBA", "text": "38510986" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications DBA, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Applications DBA. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-166V-12.2.3-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-166V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-166V-12.2.3-12.2.15" ] } ] }, { "cve": "CVE-2026-22013", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38540083" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-22014", "ids": [ { "system_name": "Oracle Bug ID of Oracle User Management", "text": "38540220" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data as well as unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1475V-12.2.7-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1475V-12.2.7-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1475V-12.2.7-12.2.15" ] } ] }, { "cve": "CVE-2026-22015", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "37387633" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-8478(Server: Information Schema)V-8.0.0-8.0.45", "P-8478(Server: Information Schema)V-9.0.0-9.6.0", "P-8478(Server: Information Schema)V-8.4.0-8.4.8" ] } ] }, { "acknowledgments": [ { "names": [ "Thomas Beckers" ], "organization": "Soptim" } ], "cve": "CVE-2026-22016", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38566677" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "acknowledgments": [ { "names": [ "Anton Fedorov" ] } ], "cve": "CVE-2026-22017", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38573278" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-22018", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38594530" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-22019", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Shared Components", "text": "38752444" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8943V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8943V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-8943V-9.2" ] } ] }, { "cve": "CVE-2026-22021", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38610035" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-22022", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38902079" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Solr)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2026-22184", "ids": [ { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "39049089" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Maintenance (zlib)). The supported version that is affected is 8.5.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.8" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2276V-8.5.8" ] } ] }, { "cve": "CVE-2026-22444", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38902079" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Solr)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ] }, { "cve": "CVE-2026-22695", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38869978" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (libpng)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4450V-21.1.0", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4450V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-22795", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2026-22796", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38906653" }, { "system_name": "Oracle Bug ID of Oracle Essbase", "text": "38906676" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Border Controller", "text": "38906673" }, { "system_name": "Oracle Bug ID of MySQL Server", "text": "38906652" }, { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "38906416" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906647" }, { "system_name": "Oracle Bug ID of MySQL Connectors", "text": "38906648" }, { "system_name": "Oracle Bug ID of MySQL Enterprise Backup", "text": "38906650" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38906672" }, { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38906683" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security (OpenSSL)). The supported version that is affected is 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)). Supported versions that are affected are 8.0.0-8.0.46. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-5085V-8.61-8.62", "P-2025V-8.2.0.0.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46" ], "known_not_affected": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4629V-8.0.0-8.0.45", "P-8478(Server: Packaging)V-8.0.0-8.0.45", "P-4629V-8.4.0-8.4.8", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-9.0.0-9.6.0", "P-4629V-9.0.0-9.6.0", "P-8478(Server: Packaging)V-8.4.0-8.4.8", "P-4627V-8.0.0-8.0.46", "P-8576(Connector/C++)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU87" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4379V-21.8.1.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-10750V-10.1.0", "P-14125V-25.1.200", "P-10750V-10.0.0", "P-14125V-25.2.200", "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-10750V-9.3.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-8576(Connector/ODBC)V-9.0.0-9.6.0", "P-4379V-21.8.1.0.0", "P-8576(Connector/C++)V-9.0.0-9.6.0" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-10750V-10.1.0", "P-10750V-10.0.0", "P-10750V-9.3.0" ] } ] }, { "cve": "CVE-2026-22801", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38841195" }, { "system_name": "Oracle Bug ID of Oracle AutoVue", "text": "38869978" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT (libpng)). For supported versions that are affected see note. This vulnerability cannot be exploited in the context of this product. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (libpng)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4450V-21.1.0", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4450V-21.1.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-4450V-21.1.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-23490", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39071795" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Configuration (pyasn1)). The supported version that is affected is 25.1.202. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.202" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.202" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14277V-25.1.202" ] } ] }, { "cve": "CVE-2026-23864", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle REST Data Services", "text": "39138021" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in Oracle REST Data Services (component: General (React)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-9456V-24.3.1", "P-9456V-24.4.0", "P-9456V-24.2.1", "P-9456V-24.3.0", "P-9456V-24.2.0", "P-9456V-25.2.3", "P-9456V-25.1.1", "P-9456V-25.2.0", "P-9456V-25.2.2", "P-9456V-25.3.1", "P-9456V-25.4.0", "P-9456V-25.2.1", "P-9456V-25.3.0" ] } ] }, { "cve": "CVE-2026-23865", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "39040975" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D (FreeType)). Supported versions that are affected are Oracle Java SE: 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "cve": "CVE-2026-23901", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "39030730" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "39030729" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Third Party (Apache Shiro)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Element Manager accessible data.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Third Party (Apache Shiro)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Session Report Manager accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11052V-9.0.0-9.0.4", "P-10770V-9.0.0-9.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU98" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU116" } ] }, { "cve": "CVE-2026-23903", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "39030730" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "39030729" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Third Party (Apache Shiro)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Third Party (Apache Shiro)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-11052V-9.0.0-9.0.4", "P-10770V-9.0.0-9.0.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU98" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU116" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-10770V-9.0.0-9.0.4", "P-11052V-9.0.0-9.0.4" ] } ] }, { "cve": "CVE-2026-24400", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(SQLcl)V-21.3-21.21", "P-5(SQLcl)V-19.3-19.30", "P-5(SQLcl)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38898544" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the SQLcl (assertj) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(SQLcl)V-21.3-21.21", "P-5(SQLcl)V-19.3-19.30", "P-5(SQLcl)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(SQLcl)V-21.3-21.21", "P-5(SQLcl)V-19.3-19.30", "P-5(SQLcl)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(SQLcl)V-21.3-21.21", "P-5(SQLcl)V-19.3-19.30", "P-5(SQLcl)V-23.4.0-23.26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(SQLcl)V-21.3-21.21", "P-5(SQLcl)V-19.3-19.30", "P-5(SQLcl)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-24481", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-24484", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-24485", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-24512", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38961492" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39077120" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Ingress NGINX Controller)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Ingress NGINX Controller)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ], "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-24513", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38961492" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Ingress NGINX Controller)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-24514", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Function Cloud Native Environment", "text": "38961492" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Ingress NGINX Controller)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-14125V-25.2.200", "P-14125V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU107" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14125V-25.1.200", "P-14125V-25.2.200" ] } ] }, { "cve": "CVE-2026-24515", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14121V-25.1.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14277V-25.1.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "38944733" }, { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "38944742" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38944725" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38944723" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "38944734" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "38944719" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "38944717" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (LibExpat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (LibExpat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (LibExpat)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (libexpat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.2.10 and 8.1.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Behavior Detection Platform executes to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (LibExpat)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition executes to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13789V-8.0.8", "P-9190V-8.0.8.1", "P-2276V-8.5.8", "P-9190V-8.1.2.10", "P-14597V-6.1.1-7.0.0", "P-9190V-8.1.2.11" ], "known_not_affected": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1", "P-5(RDBMS)V-21.3-21.21", "P-14277V-25.1.200", "P-14121V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU102" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.0.8.1", "P-9190V-8.1.2.10", "P-9190V-8.1.2.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU123" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU124" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.8" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-14121V-25.1.200", "P-5(RDBMS)V-23.4.0-23.26.1", "P-14277V-25.1.200" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14121V-25.1.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14277V-25.1.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-24733", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Database)V-21.3-21.21" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38989595" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39045837" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-6.1.1-7.0.0" ], "known_not_affected": [ "P-5(Database)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Database)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Database)V-21.3-21.21" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Database)V-21.3-21.21" ] } ] }, { "cve": "CVE-2026-24734", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(Database)V-21.3-21.21" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-14069V-26.1.0", "P-14069V-25.4.1", "P-14069V-24.4.5" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38989595" }, { "system_name": "Oracle Bug ID of Oracle Graph Server and Client", "text": "39105041" }, { "system_name": "Oracle Bug ID of Oracle Hospitality Cruise Shipboard Property Management (SPMS)", "text": "39105042" }, { "system_name": "Oracle Bug ID of Oracle Communications Element Manager", "text": "39105034" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "39105033" }, { "system_name": "Oracle Bug ID of Oracle Communications Session Report Manager", "text": "39105035" }, { "system_name": "Oracle Bug ID of Oracle Utilities Testing Accelerator", "text": "39105046" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39045837" }, { "system_name": "Oracle Bug ID of Oracle Commerce Guided Search", "text": "39105027" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Apache Tomcat)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Endeca Application Controller, Experience Manager (Apache Tomcat)). The supported version that is affected is 11.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache Tomcat)). The supported version that is affected is 15.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Policy Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Third Party (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Third Party (Apache Tomcat)). Supported versions that are affected are 9.0.0-9.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management (SPMS) product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). Supported versions that are affected are 23.1.5-23.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management (SPMS). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Shipboard Property Management (SPMS) accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Tomcat)). Supported versions that are affected are 7.0.0.0.7, 7.0.0.1.5 and 25.4.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Testing Accelerator accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9633(Content Acquisition System, Endeca Application Controller, Experience Manager)V-11.4.0", "P-11705V-23.1.5-23.3.0", "P-10900V-15.0.0.0.0", "P-10770V-9.0.0-9.0.4", "P-11052V-9.0.0-9.0.4", "P-14597V-6.1.1-7.0.0", "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ], "known_not_affected": [ "P-14069V-26.1.0", "P-14069V-24.4.5", "P-14069V-25.4.1", "P-5(Database)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14069V-26.1.0", "P-14069V-25.4.1", "P-14069V-24.4.5", "P-5(Database)V-21.3-21.21" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9633(Content Acquisition System, Endeca Application Controller, Experience Manager)V-11.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU135" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11052V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU98" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10770V-9.0.0-9.0.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU116" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-11705V-23.1.5-23.3.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU122" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU133" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14069V-26.1.0", "P-14069V-25.4.1", "P-14069V-24.4.5", "P-5(Database)V-21.3-21.21" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-9633(Content Acquisition System, Endeca Application Controller, Experience Manager)V-11.4.0", "P-11705V-23.1.5-23.3.0", "P-10900V-15.0.0.0.0", "P-10770V-9.0.0-9.0.4", "P-11052V-9.0.0-9.0.4", "P-13784V-7.0.0.1.5", "P-13784V-25.4.0.0.2", "P-13784V-7.0.0.0.7" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(Database)V-21.3-21.21" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-14069V-26.1.0", "P-14069V-25.4.1", "P-14069V-24.4.5" ] } ] }, { "cve": "CVE-2026-25210", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "component_not_present", "product_ids": [ "P-14121V-25.1.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14277V-25.1.200" ] }, { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Behavior Detection Platform", "text": "38944733" }, { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "38944742" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38944725" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "38944723" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition", "text": "38944734" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "38944719" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "38944717" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (LibExpat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (LibExpat)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (LibExpat)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the RDBMS (libexpat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.2.10 and 8.1.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Behavior Detection Platform executes to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Platform (LibExpat)). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition executes to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.8", "P-13789V-8.0.8", "P-9190V-8.1.2.10", "P-14597V-6.1.1-7.0.0", "P-9190V-8.0.8.1", "P-9190V-8.1.2.11" ], "known_not_affected": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1", "P-5(RDBMS)V-21.3-21.21", "P-14277V-25.1.200", "P-14121V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU102" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9190V-8.0.8.1", "P-9190V-8.1.2.10", "P-9190V-8.1.2.11" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU123" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13789V-8.0.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU124" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.8" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-14121V-25.1.200", "P-5(RDBMS)V-23.4.0-23.26.1", "P-14277V-25.1.200" ] }, { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] }, { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-13789V-8.0.8", "P-9190V-8.0.8.1", "P-2276V-8.5.8", "P-9190V-8.1.2.10", "P-9190V-8.1.2.11" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The software is not affected because the vulnerable component is not in the product.", "product_ids": [ "P-14121V-25.1.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14277V-25.1.200" ] }, { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-25576", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25637", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25638", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25646", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-4627V-8.0.0-8.0.46" ] } ], "ids": [ { "system_name": "Oracle Bug ID of MySQL Workbench", "text": "38965332" }, { "system_name": "Oracle Bug ID of Oracle Outside In Technology", "text": "38965339" }, { "system_name": "Oracle Bug ID of Oracle Communications Policy Management", "text": "38965335" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libpng)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (libpng)). The supported version that is affected is 15.0.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (libpng)). The supported version that is affected is 8.5.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2276V-8.5.8", "P-10900V-15.0.0.0.0" ], "known_not_affected": [ "P-4627V-8.0.0-8.0.46" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4627V-8.0.0-8.0.46" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10900V-15.0.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU105" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2276V-8.5.8" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-4627V-8.0.0-8.0.46" ] }, { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10900V-15.0.0.0.0", "P-2276V-8.5.8" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-4627V-8.0.0-8.0.46" ] } ] }, { "cve": "CVE-2026-25794", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25795", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25796", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25797", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25798", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25799", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25897", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25898", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25965", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25966", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25967", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25968", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] } ] }, { "cve": "CVE-2026-25969", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25970", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25971", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25982", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25983", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25985", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25986", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25987", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25988", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25989", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-25990", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_present", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14123V-25.1.200" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "39000908" }, { "system_name": "Oracle Bug ID of Oracle Financial Services Compliance Studio", "text": "39000916" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Slice Selection Function", "text": "39000906" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Install (Pillow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Security-in-Depth issue in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Pillow)). This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Reports (Pillow)). The supported version that is affected is 8.1.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Compliance Studio. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14392V-8.1.2.9" ], "known_not_affected": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14123V-25.1.200" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU120" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14392V-8.1.2.9" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU71" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14123V-25.1.200" ] }, { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-14392V-8.1.2.9" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The product is not affected because the code underlying the vulnerability is not present in the product. The component in question is present, but for whatever reason (e.g. compiler options) the specific code causing the vulnerability is not present in the component.", "product_ids": [ "P-14130V-25.1.100", "P-14130V-25.1.200", "P-14123V-25.1.200" ] } ] }, { "cve": "CVE-2026-26007", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39022469" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "39022468" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39022488" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "39022472" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "39022471" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39022470" }, { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39022491" }, { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39003987" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.21 and 23.4.0-23.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS (Python) accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Cryptography)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (Cryptography)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Cryptography)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: ATS Framework (Cryptography)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Cryptography)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Service Communication Proxy accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (Cryptography)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Operations Monitor accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Cryptography)). Supported versions that are affected are 6.1.1-7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data. CVSS 3.1 Base Score 4.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-5(RDBMS)V-21.3-21.21", "P-14117V-25.2.100", "P-14121V-25.1.200", "P-14117V-25.1.200", "P-10761V-5.2", "P-10761V-6.1", "P-5(RDBMS)V-23.4.0-23.26.1", "P-14123V-25.1.200", "P-14277V-25.1.200", "P-14597V-6.1.1-7.0.0", "P-14118(Signaling)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-21.3-21.21", "P-5(RDBMS)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU102" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Signaling)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-6.1.1-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-10761V-6.0", "P-5(RDBMS)V-21.3-21.21", "P-14117V-25.2.100", "P-14121V-25.1.200", "P-14117V-25.1.200", "P-10761V-5.2", "P-10761V-6.1", "P-5(RDBMS)V-23.4.0-23.26.1", "P-14123V-25.1.200", "P-14277V-25.1.200", "P-14118(Signaling)V-25.1.204" ] }, { "cvss_v3": { "baseScore": 4.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-14597V-6.1.1-7.0.0" ] } ] }, { "cve": "CVE-2026-26066", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-26283", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-26284", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-26983", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-27099", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "39052232" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39052237" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "39052234" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39052235" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "39052239" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "39052240" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Service Communication Proxy. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-14121V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14277V-25.1.200", "P-14118(Install)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU102" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ], "scores": [ { "cvss_v3": { "baseScore": 8.0, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14117V-25.2.100", "P-14121V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14277V-25.1.200", "P-14118(Install)V-25.1.204" ] } ] }, { "cve": "CVE-2026-27100", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Binding Support Function", "text": "39052232" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39052237" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Exposure Function", "text": "39052234" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Network Repository Function", "text": "39052235" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Security Edge Protection Proxy", "text": "39052239" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Service Communication Proxy", "text": "39052240" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Install (Jenkins)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Alarms, KPI, and Measurements (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Automated Test Suite (Jenkins)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: ATS Framework (Jenkins)). Supported versions that are affected are 25.1.200 and 25.2.100. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Service Communication Proxy.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14117V-25.2.100", "P-14121V-25.1.200", "P-14122V-24.2.1", "P-14117V-25.1.200", "P-14123V-25.1.200", "P-14277V-25.1.200", "P-14118(Install)V-25.1.204" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14121V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU102" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14122V-24.2.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU103" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14118(Install)V-25.1.204" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU104" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14123V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU101" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14117V-25.2.100", "P-14117V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU111" } ] }, { "cve": "CVE-2026-27135", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_not_in_execute_path", "product_ids": [ "P-5(RDBMS)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39119287" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the RDBMS (Nhttp2) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(RDBMS)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-23.4.0-23.26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The affected code is not reachable through the execution of the code, including non-anticipated states of the product. Components that are neither used nor executed by the product.", "product_ids": [ "P-5(RDBMS)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-27727", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "39033116" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (Mchange Commons Java)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2026-27798", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-27799", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-27830", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Intelligence Enterprise Edition", "text": "39033252" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security (c3p0)). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Business Intelligence Enterprise Edition executes to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1576" } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-2025V-7.6.0.0.0", "P-2025V-8.2.0.0.0" ] } ] }, { "cve": "CVE-2026-28493", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28494", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28686", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28687", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28688", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28689", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28690", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28691", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28692", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-28693", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-30883", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-30929", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-30931", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-30935", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-30936", "ids": [ { "system_name": "Oracle Bug ID of Siebel CRM Integration", "text": "38848006" }, { "system_name": "Oracle Bug ID of Oracle Communications Operations Monitor", "text": "39052011" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM (component: REST (Jettison)). Supported versions that are affected are 17.0-26.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Integration. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM Integration.", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (ImageMagick)). Supported versions that are affected are 5.2, 6.0 and 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10761V-6.0", "P-9008V-17.0-26.2", "P-10761V-5.2", "P-10761V-6.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9008V-17.0-26.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU136" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10761V-6.0", "P-10761V-5.2", "P-10761V-6.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU99" } ] }, { "cve": "CVE-2026-31790", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38988847" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 23.4.0-23.26.1. Easily exploitable vulnerability allows high privileged attacker having None privilege with network access via multiple protocols to compromise RDBMS (OpenSSL). Successful attacks of this vulnerability can result in takeover of RDBMS (OpenSSL). CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.30", "P-5(RDBMS)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-3288", "ids": [ { "system_name": "Oracle Bug ID of Oracle Communications Unified Assurance", "text": "39077120" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications (component: Core (Ingress NGINX Controller)). The supported version that is affected is 7.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14597V-7.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14597V-7.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU62" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-14597V-7.0.0" ] } ] }, { "cve": "CVE-2026-33013", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39141815" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Clusterware (Micronaut) component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 23.4.0-23.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Clusterware (Micronaut). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Clusterware (Micronaut) accessible data.", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Clusterware)V-19.3-19.30", "P-5(Clusterware)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Clusterware)V-19.3-19.30", "P-5(Clusterware)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ] }, { "cve": "CVE-2026-33870", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39141815" }, { "system_name": "Oracle Bug ID of Oracle Communications Cloud Native Core Policy", "text": "39157218" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Clusterware (Micronaut) component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 23.4.0-23.26.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Clusterware (Micronaut). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Clusterware (Micronaut) accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" }, { "category": "description", "text": "Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Install (Netty)). The supported version that is affected is 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-14277V-25.1.200", "P-5(Clusterware)V-19.3-19.30", "P-5(Clusterware)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Clusterware)V-19.3-19.30", "P-5(Clusterware)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" }, { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-14277V-25.1.200" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU114" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5(Clusterware)V-19.3-19.30", "P-14277V-25.1.200", "P-5(Clusterware)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-34237", "flags": [ { "date": "2026-04-21T13:00:00-07:00", "label": "vulnerable_code_cannot_be_controlled_by_adversary", "product_ids": [ "P-5(SQLcl)V-23.4.0-23.26.1" ] } ], "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39151488" } ], "notes": [ { "category": "description", "text": "Security-in-Depth issue in the SQLcl (MCP Java SDK) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product.", "title": "Vulnerability Description" } ], "product_status": { "known_not_affected": [ "P-5(SQLcl)V-23.4.0-23.26.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(SQLcl)V-23.4.0-23.26.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 0.0, "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "version": "3.1" }, "products": [ "P-5(SQLcl)V-23.4.0-23.26.1" ] } ], "threats": [ { "category": "impact", "date": "2026-04-21T13:00:00-07:00", "details": "The vulnerable component is present, and the component contains the vulnerable code. However, vulnerable code is used in such a way that an attacker cannot mount any anticipated attack.", "product_ids": [ "P-5(SQLcl)V-23.4.0-23.26.1" ] } ] }, { "cve": "CVE-2026-34266", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Absence Management", "text": "38633000" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Absence Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Absence Management accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Absence Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5041V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5041V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5041V-9.2" ] } ] }, { "cve": "CVE-2026-34267", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38641887" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ] } ] }, { "acknowledgments": [ { "names": [ "Ken Pyle" ] } ], "cve": "CVE-2026-34268", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38645766" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-856V-8u481", "P-13497V-21.3.17", "P-856V-8u481-b50", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "acknowledgments": [ { "names": [ "John Kounelis" ] } ], "cve": "CVE-2026-34269", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38662728" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62" ] } ] }, { "acknowledgments": [ { "names": [ "Pavel Kohout" ], "organization": "Aisle Research" } ], "cve": "CVE-2026-34270", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38673268" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ] } ] }, { "acknowledgments": [ { "names": [ "Pavel Kohout" ], "organization": "Aisle Research" } ], "cve": "CVE-2026-34271", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38673285" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-34272", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38679611" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2026-34273", "ids": [ { "system_name": "Oracle Bug ID of Oracle GoldenGate", "text": "38694885" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are 23.4-23.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GoldenGate accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5757V-23.4-23.10" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5757V-23.4-23.10" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5757V-23.4-23.10" ] } ] }, { "cve": "CVE-2026-34274", "ids": [ { "system_name": "Oracle Bug ID of Oracle Configurator", "text": "38694941" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configurator accessible data as well as unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-31V-12.2.3-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-31V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-31V-12.2.3-12.2.15" ] } ] }, { "cve": "CVE-2026-34275", "ids": [ { "system_name": "Oracle Bug ID of Oracle Advanced Inbound Telephony", "text": "38695108" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-265V-12.2.3-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-265V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-265V-12.2.3-12.2.15" ] } ] }, { "acknowledgments": [ { "names": [ "Pavel Kohout" ], "organization": "Aisle Research" } ], "cve": "CVE-2026-34276", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38712932" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Group Replication Plugin)V-8.0.0-8.0.45", "P-8478(Server: Group Replication Plugin)V-9.0.0-9.6.0", "P-8478(Server: Group Replication Plugin)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-34277", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38751167" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Fluid Core). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62" ] } ] }, { "cve": "CVE-2026-34278", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38756896" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-8.0.0-8.0.45" ] } ] }, { "acknowledgments": [ { "names": [ "Jan Czerlunczakiewicz" ], "organization": "STM CYBER" } ], "cve": "CVE-2026-34279", "ids": [ { "system_name": "Oracle Bug ID of Oracle Enterprise Manager Base Platform", "text": "38769407" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1370V-13.5", "P-1370V-24.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1370V-24.1", "P-1370V-13.5" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU59" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-1370V-24.1", "P-1370V-13.5" ] } ] }, { "cve": "CVE-2026-34280", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise HCM Human Resources", "text": "38769665" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Job Profile Manager). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5071V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5071V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5071V-9.2" ] } ] }, { "cve": "CVE-2026-34281", "ids": [ { "system_name": "Oracle Bug ID of Oracle Solaris", "text": "38774621" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-10006V-11.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-10006V-11.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU134" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-10006V-11.4" ] } ] }, { "cve": "CVE-2026-34282", "ids": [ { "system_name": "Oracle Bug ID of Oracle Java SE", "text": "38806439" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU94" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-856V-26", "P-13497V-21.0.10", "P-13497V-21.3.17", "P-856V-21.0.10", "P-13497V-17.0.18", "P-856V-25.0.2", "P-856V-8u481-perf", "P-856V-17.0.18", "P-856V-11.0.30" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34283", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager", "text": "38821088" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data as well as unauthorized read access to a subset of Oracle Identity Manager accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1980V-12.2.1.4.0", "P-1980V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1980V-14.1.2.0.0", "P-1980V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1980V-14.1.2.0.0", "P-1980V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34284", "ids": [ { "system_name": "Oracle Bug ID of Oracle Business Process Management Suite", "text": "38821122" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5325V-12.2.1.4.0", "P-5325V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5325V-14.1.2.0.0", "P-5325V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5325V-14.1.2.0.0", "P-5325V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34285", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821138" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34286", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821142" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34287", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821147" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34288", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821173" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34289", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821177" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34290", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38821179" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager Connector. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34291", "ids": [ { "system_name": "Oracle Bug ID of Oracle HTTP Server", "text": "38834877" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-1042(Core)V-12.2.1.4.0", "P-1042(Core)V-14.1.2.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34292", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "38834893" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2026-34293", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38848841" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DML)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DML)V-8.0.0-8.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DML)V-8.0.0-8.0.45" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34294", "ids": [ { "system_name": "Oracle Bug ID of Oracle Identity Manager Connector", "text": "38870420" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Microsoft Active Directory). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized read access to a subset of Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1999V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1999V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "P-1999V-12.2.1.4.0" ] } ] }, { "cve": "CVE-2026-34295", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise SCM Purchasing", "text": "38871132" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise SCM Purchasing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5133V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5133V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5133V-9.2" ] } ] }, { "acknowledgments": [ { "names": [ "Zpt_dxpn" ], "organization": "Pentest Team Viettel Cyber Security" } ], "cve": "CVE-2026-34296", "ids": [ { "system_name": "Oracle Bug ID of Oracle Agile Product Lifecycle Management for Process", "text": "38899535" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4445V-6.2.4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4445V-6.2.4" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU139" } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-4445V-6.2.4" ] } ] }, { "cve": "CVE-2026-34297", "ids": [ { "system_name": "Oracle Bug ID of Oracle HCM Common Architecture", "text": "38911177" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HCM Common Architecture accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-2021V-12.2.3-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-2021V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-2021V-12.2.3-12.2.15" ] } ] }, { "cve": "CVE-2026-34298", "ids": [ { "system_name": "Oracle Bug ID of Oracle Applications Framework", "text": "38911213" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1472V-12.2.9-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1472V-12.2.9-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-1472V-12.2.9-12.2.15" ] } ] }, { "cve": "CVE-2026-34299", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise FIN Maintenance Management", "text": "38918594" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5001V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5001V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5001V-9.2" ] } ] }, { "cve": "CVE-2026-34300", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise FIN Contracts", "text": "38918686" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Contracts accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4982V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4982V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-4982V-9.2" ] } ] }, { "cve": "CVE-2026-34301", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise FIN Maintenance Management", "text": "38919755" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5001V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5001V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5001V-9.2" ] } ] }, { "cve": "CVE-2026-34302", "ids": [ { "system_name": "Oracle Bug ID of Oracle Workflow", "text": "38923187" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Workflow. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-174V-12.2.3-12.2.15" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-174V-12.2.3-12.2.15" ], "url": "https://support.oracle.com/rs?type=doc&id=KA923" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" }, "products": [ "P-174V-12.2.3-12.2.15" ] } ] }, { "acknowledgments": [ { "names": [ "Anton Fedorov" ] } ], "cve": "CVE-2026-34303", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38928287" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-34304", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38935534" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34305", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "38821161" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-15.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0", "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-15.1.1.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5242V-15.1.1.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2026-34306", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise FIN Project Costing", "text": "38957077" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Project Costing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5013V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5013V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5013V-9.2" ] } ] }, { "cve": "CVE-2026-34307", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "38984923" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62" ] } ] }, { "acknowledgments": [ { "names": [ "Joakim Bülow" ] } ], "cve": "CVE-2026-34308", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39000847" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: JSON)V-8.4.0-8.4.8", "P-8478(Server: JSON)V-9.0.0-9.6.0", "P-8478(Server: JSON)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: JSON)V-9.0.0-9.6.0", "P-8478(Server: JSON)V-8.4.0-8.4.8", "P-8478(Server: JSON)V-8.0.0-8.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: JSON)V-9.0.0-9.6.0", "P-8478(Server: JSON)V-8.4.0-8.4.8", "P-8478(Server: JSON)V-8.0.0-8.0.45" ] } ] }, { "cve": "CVE-2026-34309", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise PeopleTools", "text": "39017859" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5085V-8.61-8.62" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5085V-8.61-8.62" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5085V-8.61-8.62" ] } ] }, { "acknowledgments": [ { "names": [ "Co-tang X" ] } ], "cve": "CVE-2026-34310", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "37424045" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "acknowledgments": [ { "names": [ "Aleksei Veremeev" ], "organization": "a2.solutions" } ], "cve": "CVE-2026-34312", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "39052065" } ], "notes": [ { "category": "description", "text": "Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(RDBMS)V-19.3-19.30" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(RDBMS)V-19.3-19.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "P-5(RDBMS)V-19.3-19.30" ] } ] }, { "acknowledgments": [ { "names": [ "Nguyen Tuong Huy" ], "organization": "HDBank" } ], "cve": "CVE-2026-34313", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "37561317" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "acknowledgments": [ { "names": [ "Khanh Nguyen Trong" ], "organization": "Vietcombank" } ], "cve": "CVE-2026-34314", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38167400" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-34315", "ids": [ { "system_name": "Oracle Bug ID of Oracle WebLogic Server", "text": "38821168" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5242V-15.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0", "P-5242V-14.1.1.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5242V-15.1.1.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "P-5242V-15.1.1.0.0", "P-5242V-14.1.1.0.0", "P-5242V-12.2.1.4.0", "P-5242V-14.1.2.0.0" ] } ] }, { "acknowledgments": [ { "names": [ "4ra1n" ] } ], "cve": "CVE-2026-34317", "ids": [ { "system_name": "Oracle Bug ID of MySQL Shell", "text": "39116933" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Shell: Core Client)V-9.0.0-9.6.0", "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ] } ] }, { "acknowledgments": [ { "names": [ "4ra1n" ] } ], "cve": "CVE-2026-34318", "ids": [ { "system_name": "Oracle Bug ID of MySQL Shell", "text": "39116948" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Shell: Core Client)V-9.0.0-9.6.0", "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ] } ] }, { "acknowledgments": [ { "names": [ "4ra1n" ] } ], "cve": "CVE-2026-34319", "ids": [ { "system_name": "Oracle Bug ID of MySQL Shell", "text": "39116954" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Shell: Core Client)V-9.0.0-9.6.0", "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Shell: Core Client)V-8.4.0-8.4.8", "P-8478(Shell: Core Client)V-8.0.0-8.0.45", "P-8478(Shell: Core Client)V-9.0.0-9.6.0" ] } ] }, { "acknowledgments": [ { "names": [ "Khanh Nguyen Trong" ], "organization": "Vietcombank" } ], "cve": "CVE-2026-34320", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Customer Screening", "text": "38275417" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13212V-8.1.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13212V-8.1.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU92" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13212V-8.1.2.8.0" ] } ] }, { "acknowledgments": [ { "names": [ "Khanh Nguyen Trong" ], "organization": "Vietcombank" } ], "cve": "CVE-2026-34321", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38275448" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "cve": "CVE-2026-34323", "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences InForm", "text": "38444256" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Life Sciences InForm. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU132" } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ] } ] }, { "cve": "CVE-2026-34324", "ids": [ { "system_name": "Oracle Bug ID of Oracle Life Sciences InForm", "text": "38444286" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: App Server). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU132" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-9636V-7.0.1.0", "P-9636V-7.0.1.1" ] } ] }, { "cve": "CVE-2026-34325", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Analytical Applications Infrastructure", "text": "38488535" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU144" } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "P-5680V-8.1.2.5", "P-5680V-8.0.7.9", "P-5680V-8.0.8.7" ] } ] }, { "cve": "CVE-2026-35229", "ids": [ { "system_name": "Oracle Bug ID of Oracle Database Server", "text": "38952136" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5(Java VM)V-19.3-19.30", "P-5(Java VM)V-21.3-21.21" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5(Java VM)V-21.3-21.21", "P-5(Java VM)V-19.3-19.30" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU58" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5(Java VM)V-21.3-21.21", "P-5(Java VM)V-19.3-19.30" ] } ] }, { "acknowledgments": [ { "names": [ "VMBreakers (Gangmin Kim, Sangbin Kim, Un3xploitable) working with Trend Micro Zero Day Initiative" ] } ], "cve": "CVE-2026-35230", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39138605" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Khanh Nguyen Trong" ], "organization": "Vietcombank" } ], "cve": "CVE-2026-35231", "ids": [ { "system_name": "Oracle Bug ID of Oracle Financial Services Transaction Filtering", "text": "38811177" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Transaction Filtering accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-13311V-8.1.2.8.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-13311V-8.1.2.8.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU93" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-13311V-8.1.2.8.0" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-35232", "ids": [ { "system_name": "Oracle Bug ID of Oracle Fusion Middleware", "text": "38821113" } ], "notes": [ { "category": "description", "text": "Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-1032V-12.2.1.4.0", "P-1032V-14.1.2.0.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-1032V-12.2.1.4.0", "P-1032V-14.1.2.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "P-1032V-12.2.1.4.0", "P-1032V-14.1.2.0.0" ] } ] }, { "cve": "CVE-2026-35234", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38947039" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Partition)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Partition)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Partition)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2026-35235", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "38998871" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: GIS)V-9.0.0-9.6.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: GIS)V-9.0.0-9.6.0" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: GIS)V-9.0.0-9.6.0" ] } ] }, { "cve": "CVE-2026-35236", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39033858" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-35237", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39040128" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-35238", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39040226" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(InnoDB)V-9.0.0-9.6.0", "P-8478(InnoDB)V-8.0.0-8.0.45", "P-8478(InnoDB)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-35239", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39057054" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: DML)V-9.0.0-9.6.0", "P-8478(Server: DML)V-8.4.0-8.4.8", "P-8478(Server: DML)V-8.0.0-8.0.45" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: DML)V-8.4.0-8.4.8", "P-8478(Server: DML)V-9.0.0-9.6.0", "P-8478(Server: DML)V-8.0.0-8.0.45" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: DML)V-8.4.0-8.4.8", "P-8478(Server: DML)V-9.0.0-9.6.0", "P-8478(Server: DML)V-8.0.0-8.0.45" ] } ] }, { "acknowledgments": [ { "names": [ "yx" ] } ], "cve": "CVE-2026-35240", "ids": [ { "system_name": "Oracle Bug ID of MySQL Server", "text": "39071552" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU148" } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8478(Server: Optimizer)V-9.0.0-9.6.0", "P-8478(Server: Optimizer)V-8.0.0-8.0.45", "P-8478(Server: Optimizer)V-8.4.0-8.4.8" ] } ] }, { "cve": "CVE-2026-35241", "ids": [ { "system_name": "Oracle Bug ID of PeopleSoft Enterprise CS Student Records", "text": "39137786" } ], "notes": [ { "category": "description", "text": "Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Records accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-5182V-9.2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-5182V-9.2" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU138" } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-5182V-9.2" ] } ] }, { "acknowledgments": [ { "names": [ "fstmpr" ] } ], "cve": "CVE-2026-35242", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39052421" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "yoloClin" ], "organization": "Radiant Security" } ], "cve": "CVE-2026-35243", "ids": [ { "system_name": "Oracle Bug ID of Oracle Application Development Framework (ADF)", "text": "39076126" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-807V-14.1.2.0.0", "P-807V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-807V-14.1.2.0.0", "P-807V-12.2.1.4.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-807V-14.1.2.0.0", "P-807V-12.2.1.4.0" ] } ] }, { "acknowledgments": [ { "names": [ "Pierre_Adams" ] } ], "cve": "CVE-2026-35244", "ids": [ { "system_name": "Oracle Bug ID of Oracle Hyperion Infrastructure Technology", "text": "38834754" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-4392V-11.2.24.0.000" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-4392V-11.2.24.0.000" ], "url": "https://support.oracle.com/rs?type=doc&id=KA812" } ], "scores": [ { "cvss_v3": { "baseScore": 5.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "P-4392V-11.2.24.0.000" ] } ] }, { "acknowledgments": [ { "names": [ "ehdgks0627" ] } ], "cve": "CVE-2026-35245", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "38945782" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Anwar Dawa" ] } ], "cve": "CVE-2026-35246", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39076773" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Diego Palacios" ] } ], "cve": "CVE-2026-35247", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39047754" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 6.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Aaron Esau" ] } ], "cve": "CVE-2026-35248", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39187846" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 5.0, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "nosocksinbirks" ] } ], "cve": "CVE-2026-35249", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39047713" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Mert" ] } ], "cve": "CVE-2026-35250", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39121505" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "acknowledgments": [ { "names": [ "Bartosz Micha?owski" ] }, { "names": [ "Jan Kami?ski" ] }, { "names": [ "Kamil Frankowicz" ] } ], "cve": "CVE-2026-35251", "ids": [ { "system_name": "Oracle Bug ID of Oracle VM VirtualBox", "text": "39121554" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-8370V-7.2.6" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-8370V-7.2.6" ], "url": "https://support.oracle.com/rs?type=doc&id=CPU143" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-8370V-7.2.6" ] } ] }, { "cve": "CVE-2026-35252", "ids": [ { "system_name": "Oracle Bug ID of Oracle Security Service", "text": "37055931" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Security Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-991V-12.1.3.0.0", "P-991V-12.2.1.4.0" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-991V-12.2.1.4.0", "P-991V-12.1.3.0.0" ], "url": "https://support.oracle.com/rs?type=doc&id=KA1574" } ], "scores": [ { "cvss_v3": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "P-991V-12.2.1.4.0", "P-991V-12.1.3.0.0" ] } ] } ] }